ID FEDORA_2013-22860.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 Tenable Network Security, Inc. Modified 2021-01-11T00:00:00
Description
Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549). See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
In addition, this update :
adds support for the aarch64 architecture,
fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),
fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,
reverts the faulty 'Discover printers shared by CUPS 1.6 (#980952)' patch, which broke default printer selection and caused crash bug #1054312.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-22860.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
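# Plugin registration block. When the `description` flag is set, the script
# only declares its metadata (identifiers, references, advisory text, launch
# prerequisites) and then calls exit(0), so none of the host checks that
# follow this block run in that mode.
if (description)
{
  script_id(72096);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # The advisory text below names CVE-2013-4549 only in free text. Registering
  # it as a structured reference lets CVE-based search, correlation and
  # scoring find this plugin.
  script_cve_id("CVE-2013-4549");
  script_xref(name:"FEDORA", value:"2013-22860");

  script_name(english:"Fedora 20 : qt-4.8.5-15.fc20 (2013-22860)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  # The description is a multi-line string literal; its line breaks are part
  # of the value, so the text is kept exactly as extracted from the advisory.
  script_set_attribute(
    attribute:"description",
    value:
"Qt Project Security Advisory: XML Entity Expansion Denial of Service
(CVE-2013-4549) See also
http://lists.qt-project.org/pipermail/announce/2013-December/000036.ht
ml
In addition, this update :
- adds support for the aarch64 architecture,
- fixes QTBUG-35459, a too low character limit for XML
entities enforced by the fix for CVE-2013-4549 that
was breaking real-world XML files (in particular, the
KatePart Lilypond syntax highlighting description),
- fixes QTBUG-35460, a misspelling in the error message
produced by the CVE-2013-4549 fix when the character
limit for XML entities was exceeded,
- reverts the faulty 'Discover printers shared by CUPS
1.6 (#980952)' patch, which broke default printer
selection and caused crash bug #1054312.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6cfa8350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054312"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126984.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a8e2e57e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt package.");
  # NOTE(review): severity is a hand-set risk_factor with no CVSS vector. The
  # other CVE-2013-4549 plugins quoted in this record set
  # CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P (score 5) instead -- confirm which
  # severity is intended before relying on it for prioritisation.
  script_set_attribute(attribute:"risk_factor", value:"High");

  # "local": the finding comes from data collected on the host (the RPM
  # list), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # Launch prerequisites: the dependency script and the KB keys it is expected
  # to have filled in.
  # NOTE(review): the check body also reads "Host/cpu", which is not listed
  # here; it handles a missing value itself with AUDIT_UNKNOWN_ARCH.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}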
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host checks. Every guard below ends in audit(), which reports why the plugin
# does not apply; the order of the guards decides which reason is reported, so
# it is kept as is.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and mention Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "Fedora");
}
if ("Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Pull the major release number out of the release string.
rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(rel_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = rel_match[1];

# Only Fedora 20 is covered: "20" followed by a non-digit or end of string.
is_fc20 = ereg(pattern:"^20([^0-9]|$)", string:os_ver);
if (!is_fc20)
{
  audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: x86_64 (substring match) or i386..i686 (exact match).
# NOTE(review): any other architecture is audited out as "local checks not
# implemented" and gets no finding either way, although the advisory text
# says this update adds aarch64 support -- confirm the gap is intended.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu)
{
  if (cpu !~ "^i[3-6]86$")
  {
    audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
  }
}

# Package check against the fixed build named in the advisory. A true result
# is treated as "update missing"; presumably rpm_check (rpm.inc) compares the
# installed qt version with the reference -- verify against rpm.inc.
needs_update = rpm_check(release:"FC20", reference:"qt-4.8.5-15.fc20");

if (needs_update)
{
  # Attach the package report only when verbose reporting is on.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}

# No finding: say whether qt was tested and found current, or not installed.
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt");
}
{"id": "FEDORA_2013-22860.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 20 : qt-4.8.5-15.fc20 (2013-22860)", "description": "Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549) See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.ht ml\n\nIn addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover printers shared by CUPS 1.6 (#980952)' patch, which broke default printer selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-01-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/72096", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1054312", "http://www.nessus.org/u?a8e2e57e", "http://www.nessus.org/u?6cfa8350"], "cvelist": ["CVE-2013-4549"], "immutableFields": [], "lastseen": "2022-04-16T14:01:00", "viewCount": 1, "enchantments": {"dependencies": {}, "score": {"value": 3.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2013-4549"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444"]}]}, "exploitation": null, "vulnersScore": 3.2}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "72096", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22860.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72096);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-22860\");\n\n script_name(english:\"Fedora 20 : qt-4.8.5-15.fc20 (2013-22860)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt Project Security Advisory: XML Entity Expansion Denial of Service\n(CVE-2013-4549) See also\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn 
addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML\n entities enforced by the fix for CVE-2013-4549 that\n was breaking real-world XML files (in particular, the\n KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover printers shared by CUPS\n 1.6 (#980952)' patch, which broke default printer\n selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1054312\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126984.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8e2e57e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qt-4.8.5-15.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:20"], "solution": "Update the affected qt package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2013-12-06T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"nessus": [{"lastseen": "2021-08-19T12:50:04", "description": "- added patches :\n\n - disallow-deep-or-widely-nested-entity-references.patch:\n upstream fix for bnc#856832 and CVE-2013-4549: xml entity expansion attacks", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt5-qtbase (openSUSE-SU-2014:0173-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libQt5Gui5", "p-cpe:/a:novell:opensuse:libQt5Gui5-32bit", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5", "p-cpe:/a:novell:opensuse:libQt5Sql5-32bit", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5", "p-cpe:/a:novell:opensuse:libQt5Test5-32bit", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5", "p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo", "p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase", "p-cpe:/a:novell:opensuse:libqt5-qtbase-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel", "p-cpe:/a:novell:opensuse:libqt5-qtbase-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql", 
"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-94.NASL", "href": "https://www.tenable.com/plugins/nessus/75412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-94.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75412);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt5-qtbase (openSUSE-SU-2014:0173-1)\");\n script_summary(english:\"Check for the openSUSE-2014-94 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - added patches :\n\n - disallow-deep-or-widely-nested-entity-references.patch:\n upstream fix for bnc#856832 and CVE-2013-4549: xml\n entity expansion attacks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt5-qtbase packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Gui5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Sql5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Test5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libQt5Widgets5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-qtbase-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt5-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Gui5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Gui5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Sql5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Sql5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Test5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Test5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Widgets5-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libQt5Widgets5-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-debugsource-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"libqt5-qtbase-devel-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-devel-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-qtbase-private-headers-devel-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-mysql-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-mysql-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-postgresql-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-postgresql-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-sqlite-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-sqlite-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-unixODBC-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt5-sql-unixODBC-debuginfo-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Gui5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Sql5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Test5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Test5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libQt5Widgets5-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", 
reference:\"libqt5-qtbase-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-qtbase-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-mysql-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-mysql-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-postgresql-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-postgresql-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-sqlite-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-sqlite-debuginfo-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-unixODBC-32bit-5.1.1-6.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt5-sql-unixODBC-debuginfo-32bit-5.1.1-6.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libQt5Gui5-32bit / libQt5Gui5 / libQt5Gui5-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:50:23", "description": "Richard J. Moore reports :\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. 
If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed.\n\nIt is possible to construct XML documents using internal entities that consume large amounts of memory and other resources to process, this is known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did not offer protection against this issue.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-06T00:00:00", "type": "nessus", "title": "FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:qt4-xml", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_89709E58D49711E3A3D55453ED2E2B49.NASL", "href": "https://www.tenable.com/plugins/nessus/73881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73881);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Richard J. 
Moore reports :\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports expansion of\ninternal entities in XML documents without placing restrictions to\nensure the document does not cause excessive memory usage. If an\napplication using this API processes untrusted data then the\napplication may use unexpected amounts of memory if a malicious\ndocument is processed.\n\nIt is possible to construct XML documents using internal entities that\nconsume large amounts of memory and other resources to process, this\nis known as the 'Billion Laughs' attack. Qt versions prior to 5.2 did\nnot offer protection against this issue.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://vuxml.freebsd.org/freebsd/89709e58-d497-11e3-a3d5-5453ed2e2b49.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0639c59\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:qt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"qt4-xml<4.8.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:49:18", "description": "- Fixes XML Entity Expansion Denial of Service (bnc#856832, CVE-2013-4549)\n\n - add backported patch libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch libqt4-fully-expand-all-entities.patch", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0067-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", 
"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2014-38.NASL", "href": "https://www.tenable.com/plugins/nessus/75369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update 
openSUSE-2014-38.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75369);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0067-1)\");\n script_summary(english:\"Check for the openSUSE-2014-38 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-debugsource-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-data-4.8.4-3.10.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-debuginfo-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-devel-doc-debugsource-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-private-headers-devel-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-qt3support-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-qt3support-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-mysql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-mysql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-plugins-debugsource-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-postgresql-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-sqlite-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-unixODBC-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-x11-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libqt4-x11-debuginfo-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"qt4-x11-tools-4.8.4-3.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"qt4-x11-tools-debuginfo-4.8.4-3.10.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.4-3.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.4-3.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:06:44", "description": "Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549) See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n\nIn addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover printers shared by CUPS 1.6 (#980952)' patch, which broke default printer selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-01-23T00:00:00", "type": "nessus", "title": "Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-22932.NASL", "href": "https://www.tenable.com/plugins/nessus/72097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22932.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72097);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-22932\");\n\n script_name(english:\"Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Qt Project Security Advisory: XML Entity Expansion Denial of Service\n(CVE-2013-4549) See also\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update :\n\n - adds support for the aarch64 architecture,\n\n - fixes QTBUG-35459, a too low character limit for XML\n entities enforced by the fix for CVE-2013-4549 that\n was breaking real-world XML files (in particular, the\n KatePart Lilypond syntax highlighting description),\n\n - fixes QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - reverts the faulty 'Discover 
printers shared by CUPS\n 1.6 (#980952)' patch, which broke default printer\n selection and caused crash bug #1054312.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1054312\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127010.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed26140a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"qt-4.8.5-15.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:52:05", "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-12-18T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libqt4-xml", "p-cpe:/a:canonical:ubuntu_linux:libqt5xml5", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/o:canonical:ubuntu_linux:13.10"], "id": "UBUNTU_USN-2057-1.NASL", "href": "https://www.tenable.com/plugins/nessus/71518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2057-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71518);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n script_xref(name:\"USN\", value:\"2057-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that QXmlSimpleReader in Qt incorrectly handled XML\nentity expansion. 
An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2057-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4-xml and / or libqt5xml5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt4-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libqt5xml5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice 
(C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.04|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.04 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.1-0ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.3+dfsg-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.4+dfsg-0ubuntu9.5\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"libqt5xml5\", pkgver:\"5.0.1+dfsg-0ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libqt4-xml\", pkgver:\"4:4.8.4+dfsg-0ubuntu18.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libqt5xml5\", pkgver:\"5.0.2+dfsg1-7ubuntu11.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libqt4-xml / libqt5xml5\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:50:50", "description": "The remote host is affected by the vulnerability described in GLSA-201403-04 (QtCore: Denial of Service)\n\n A vulnerability in QXmlSimpleReader’s XML entity parsing has been discovered.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCore, possibly resulting in Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-14T00:00:00", "type": "nessus", "title": "GLSA-201403-04 : QtCore: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:qtcore", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201403-04.NASL", "href": "https://www.tenable.com/plugins/nessus/72997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201403-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72997);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_bugtraq_id(64418);\n script_xref(name:\"GLSA\", value:\"201403-04\");\n\n script_name(english:\"GLSA-201403-04 : QtCore: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201403-04\n(QtCore: Denial of Service)\n\n A vulnerability in QXmlSimpleReader’s XML entity parsing has been\n discovered.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted XML\n file using an application linked against QtCore, possibly resulting in\n Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201403-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All QtCore users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-qt/qtcore-4.8.5-r1'\n Packages which depend on this library may need to be recompiled. 
Tools\n such as revdep-rebuild may assist in identifying these packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:qtcore\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-qt/qtcore\", unaffected:make_list(\"ge 4.8.5-r1\"), vulnerable:make_list(\"lt 4.8.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"QtCore\");\n}\n", "cvss": {"score": 5, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:49:18", "description": "- Fixes XML Entity Expansion Denial of Service (bnc#856832, CVE-2013-4549)\n\n - add backported patch libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch libqt4-fully-expand-all-entities.patch", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0125-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-linguist", "p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", 
"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-79.NASL", "href": "https://www.tenable.com/plugins/nessus/75405", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-79.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75405);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0125-1)\");\n script_summary(english:\"Check for the openSUSE-2014-79 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported 
patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-linguist-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-debugsource-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-data-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-debuginfo-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-devel-doc-debugsource-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-linguist-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-linguist-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-private-headers-devel-4.8.5-5.9.2\") ) 
flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-qt3support-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-qt3support-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-mysql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-mysql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-plugins-debugsource-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-postgresql-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-sqlite-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-unixODBC-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-x11-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libqt4-x11-debuginfo-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qt4-x11-tools-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"qt4-x11-tools-debuginfo-4.8.5-5.9.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.5-5.9.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.5-5.9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.5-5.9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:51:22", "description": 
"The Qt library was updated to fix a XML entity expansion attack (XXE).\n(CVE-2013-4549)", "cvss3": {"score": null, "vector": null}, "published": "2014-02-21T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : libQt (SAT Patch Number 8907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libQtWebKit4", "p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4", "p-cpe:/a:novell:suse_linux:11:libqt4-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support", "p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC", "p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:suse_linux:11:libqt4-x11", "p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit", "p-cpe:/a:novell:suse_linux:11:qt4-x11-tools", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBQTWEBKIT-DEVEL-140215.NASL", "href": "https://www.tenable.com/plugins/nessus/72615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72615);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"SuSE 11.3 Security Update : libQt (SAT Patch Number 8907)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Qt library was updated to fix a XML entity expansion attack (XXE).\n(CVE-2013-4549)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4549.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8907.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libQtWebKit4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-qt3support-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libqt4-x11-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libQtWebKit4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-qt3support-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-sql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-sql-mysql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-sql-postgresql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-sql-sqlite-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-sql-unixODBC-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libqt4-x11-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libQtWebKit4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", 
reference:\"libqt4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-qt3support-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-x11-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libQtWebKit4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libqt4-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"libqt4-qt3support-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libqt4-sql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libqt4-sql-mysql-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libqt4-sql-sqlite-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libqt4-x11-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"qt4-x11-tools-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libQtWebKit4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libqt4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libqt4-qt3support-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libqt4-sql-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libqt4-x11-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libQtWebKit4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.6.3-5.29.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.6.3-5.29.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:51:38", "description": "This update fixes CVE-2013-4549 (XML Entity Expansion Denial of 
Service) in Qt 3. See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-24T00:00:00", "type": "nessus", "title": "Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt3", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-22847.NASL", "href": "https://www.tenable.com/plugins/nessus/72110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22847.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72110);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_xref(name:\"FEDORA\", value:\"2013-22847\");\n\n script_name(english:\"Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6876f41c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qt3-3.3.8b-56.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:51:35", "description": "This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-01-24T00:00:00", "type": "nessus", "title": "Fedora 19 : qt3-3.3.8b-56.fc19 (2013-22883)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt3", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-22883.NASL", "href": "https://www.tenable.com/plugins/nessus/72111", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22883.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72111);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4549\");\n script_xref(name:\"FEDORA\", value:\"2013-22883\");\n\n script_name(english:\"Fedora 19 : qt3-3.3.8b-56.fc19 (2013-22883)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2013-4549 (XML Entity Expansion Denial of\nService) in Qt 3. 
See the Qt Project Security Advisory for details:\nhttp://lists.qt-project.org/pipermail/announce/2013-December/000036.ht\nml\n\nIn addition, this update fixes :\n\n - QTBUG-35459, a too low character limit for XML entities\n enforced by the fix for CVE-2013-4549 that was breaking\n real-world XML files (in particular, the KatePart\n Lilypond syntax highlighting description),\n\n - QTBUG-35460, a misspelling in the error message\n produced by the CVE-2013-4549 fix when the character\n limit for XML entities was exceeded,\n\n - some minor format string abuse that was probably not\n exploitable (most instances definitely weren't).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cfa8350\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84310b05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, 
Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"qt3-3.3.8b-56.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:50:09", "description": "- Fixes XML Entity Expansion Denial of Service (bnc#856832, CVE-2013-4549)\n\n - add backported patch libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch libqt4-fully-expand-all-entities.patch", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2014:0070-1)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libqt4", "p-cpe:/a:novell:opensuse:libqt4-32bit", "p-cpe:/a:novell:opensuse:libqt4-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-debugsource", "p-cpe:/a:novell:opensuse:libqt4-devel", "p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-data", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource", "p-cpe:/a:novell:opensuse:libqt4-private-headers-devel", "p-cpe:/a:novell:opensuse:libqt4-qt3support", "p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql", "p-cpe:/a:novell:opensuse:libqt4-sql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:libqt4-x11", "p-cpe:/a:novell:opensuse:libqt4-x11-32bit", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo", "p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit", "p-cpe:/a:novell:opensuse:qt4-x11-tools", "p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2014-44.NASL", "href": "https://www.tenable.com/plugins/nessus/75390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-44.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75390);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4549\");\n\n script_name(english:\"openSUSE Security Update : libqt4 (openSUSE-SU-2014:0070-1)\");\n script_summary(english:\"Check for the openSUSE-2014-44 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes XML Entity Expansion Denial of Service\n (bnc#856832, CVE-2013-4549)\n\n - add backported patch\n libqt4-disallow-deep-or-widely-nested-entity-references.\n patch\n\n - add backported patch\n libqt4-fully-expand-all-entities.patch\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libqt4 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-devel-doc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-private-headers-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-qt3support-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-debuginfo-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-mysql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-plugins-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-postgresql-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-sqlite-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-sql-unixODBC-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libqt4-x11-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qt4-x11-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"libqt4-debugsource-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-data-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debuginfo-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-devel-doc-debugsource-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-private-headers-devel-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-qt3support-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-mysql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-plugins-debugsource-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-postgresql-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-sqlite-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-sql-unixODBC-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", 
reference:\"libqt4-x11-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"libqt4-x11-debuginfo-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"qt4-x11-tools-debuginfo-4.8.1-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-qt3support-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-mysql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-postgresql-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-sqlite-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-sql-unixODBC-debuginfo-32bit-4.8.1-2.20.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-32bit-4.8.1-2.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", cpu:\"x86_64\", reference:\"libqt4-x11-debuginfo-32bit-4.8.1-2.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libqt4-devel-doc-data / libqt4-devel-doc-debuginfo / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:32:06", "description": "This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. 
This fix decreases the limit to 4096.)\n\nIt also fixes the QMySql driver to work with the version of MariaDB in Fedora 27.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2018-06-11T00:00:00", "type": "nessus", "title": "Fedora 27 : qt3 (2018-0a0da2f3b7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549", "CVE-2016-10040"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt3", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-0A0DA2F3B7.NASL", "href": "https://www.tenable.com/plugins/nessus/110425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0a0da2f3b7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110425);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\", \"CVE-2016-10040\");\n script_xref(name:\"FEDORA\", value:\"2018-0a0da2f3b7\");\n\n script_name(english:\"Fedora 27 : qt3 (2018-0a0da2f3b7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader\ndue to a too lenient entityCharacterLimit in our version of the patch\nfor CVE-2013-4549. 
(The limit was increased from the upstream 1024 to\n65536 to address QTBUG-35459, an issue where the security fix was\nbreaking existing real-world XML files. Unfortunately, that is too\nmuch to actually fit on the CPU stack. This fix decreases the limit to\n4096.)\n\nIt also fixes the QMySql driver to work with the version of MariaDB in\nFedora 27.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a0da2f3b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"qt3-3.3.8b-74.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:29:13", "description": "This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader due to a too lenient entityCharacterLimit in our version of the patch for CVE-2013-4549. (The limit was increased from the upstream 1024 to 65536 to address QTBUG-35459, an issue where the security fix was breaking existing real-world XML files. Unfortunately, that is too much to actually fit on the CPU stack. 
This fix decreases the limit to 4096.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : qt3 (2018-17843a895b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549", "CVE-2016-10040"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt3", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-17843A895B.NASL", "href": "https://www.tenable.com/plugins/nessus/120254", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-17843a895b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120254);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4549\", \"CVE-2016-10040\");\n script_xref(name:\"FEDORA\", value:\"2018-17843a895b\");\n\n script_name(english:\"Fedora 28 : qt3 (2018-17843a895b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2016-10040, a stack overflow in QXmlSimpleReader\ndue to a too lenient entityCharacterLimit in our version of the patch\nfor CVE-2013-4549. (The limit was increased from the upstream 1024 to\n65536 to address QTBUG-35459, an issue where the security fix was\nbreaking existing real-world XML files. 
Unfortunately, that is too\nmuch to actually fit on the CPU stack. This fix decreases the limit to\n4096.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-17843a895b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt3 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"qt3-3.3.8b-74.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt3\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:50:35", "description": "New upstream stable bugfix release, as well as a fix for :\n\n - DoS vulnerability in the GIF image handler (QTBUG-38367) See also http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-02T00:00:00", "type": "nessus", "title": "Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-5695.NASL", "href": "https://www.tenable.com/plugins/nessus/73817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5695.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73817);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\");\n script_bugtraq_id(67087);\n script_xref(name:\"FEDORA\", value:\"2014-5695\");\n\n script_name(english:\"Fedora 20 : qt-4.8.6-2.fc20 (2014-5695)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream stable bugfix release, as well as a fix for :\n\n - DoS vulnerability in the GIF image handler (QTBUG-38367)\n See also\n http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-releas\n ed/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?932c61c6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1088142\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d2a9302\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected qt package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"qt-4.8.6-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:17:42", "description": "According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. 
There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)\n\n - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860", "CVE-2018-15518", "CVE-2018-19871", "CVE-2018-19872"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qt", "p-cpe:/a:huawei:euleros:qt-devel", "p-cpe:/a:huawei:euleros:qt-mysql", "p-cpe:/a:huawei:euleros:qt-odbc", "p-cpe:/a:huawei:euleros:qt-postgresql", "p-cpe:/a:huawei:euleros:qt-x11", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2656.NASL", "href": "https://www.tenable.com/plugins/nessus/132191", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132191);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4549\",\n \"CVE-2014-0190\",\n \"CVE-2015-0295\",\n \"CVE-2015-1858\",\n \"CVE-2015-1859\",\n \"CVE-2015-1860\",\n \"CVE-2018-15518\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\"\n );\n script_bugtraq_id(\n 64418,\n 67087,\n 73029,\n 74302,\n 74307,\n 74309,\n 74310\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : qt (EulerOS-SA-2019-2656)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n 
- An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2656\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55c39ec4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15518\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-13.h6\",\n \"qt-devel-4.8.5-13.h6\",\n \"qt-mysql-4.8.5-13.h6\",\n \"qt-odbc-4.8.5-13.h6\",\n \"qt-postgresql-4.8.5-13.h6\",\n \"qt-x11-4.8.5-13.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:17:49", "description": "According to the versions of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)\n\n - Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP 
file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860", "CVE-2018-15518", "CVE-2018-19871", "CVE-2018-19872"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:qt", "p-cpe:/a:huawei:euleros:qt-devel", "p-cpe:/a:huawei:euleros:qt-mysql", "p-cpe:/a:huawei:euleros:qt-odbc", "p-cpe:/a:huawei:euleros:qt-postgresql", "p-cpe:/a:huawei:euleros:qt-x11", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2381.NASL", "href": "https://www.tenable.com/plugins/nessus/131873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131873);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4549\",\n \"CVE-2014-0190\",\n \"CVE-2015-0295\",\n \"CVE-2015-1858\",\n \"CVE-2015-1859\",\n \"CVE-2015-1860\",\n \"CVE-2018-15518\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\"\n );\n script_bugtraq_id(\n 64418,\n 67087,\n 73029,\n 74302,\n 74307,\n 74309,\n 74310\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)\");\n script_summary(english:\"Checks the rpm output for the updated 
packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause 
a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2381\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?951c4700\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15518\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-12.h6\",\n \"qt-devel-4.8.5-12.h6\",\n \"qt-mysql-4.8.5-12.h6\",\n \"qt-odbc-4.8.5-12.h6\",\n 
\"qt-postgresql-4.8.5-12.h6\",\n \"qt-x11-4.8.5-12.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service (CVE-2013-4549). \n", "cvss3": {}, "published": "2014-01-17T00:20:35", "type": "mageia", "title": "Updated qt4 package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-01-17T00:20:35", "id": "MGASA-2014-0009", "href": "https://advisories.mageia.org/MGASA-2014-0009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. 
An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service (CVE-2013-4549). \n", "cvss3": {}, "published": "2014-03-03T19:58:12", "type": "mageia", "title": "Updated qt5 packages fix security vulnerability.\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-03-03T19:58:12", "id": "MGASA-2014-0115", "href": "https://advisories.mageia.org/MGASA-2014-0115.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated qt3 packages fix security vulnerabilities: QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the application may use unexpected amounts of memory if a malicious document is processed (CVE-2013-4549). A NULL pointer dereference flaw was found in QGIFFormat::fillRect in QtGui. If an application using the qt-x11 libraries opened a malicious GIF file with invalid width and height values, it could cause the application to crash (CVE-2014-0190). 
\n", "cvss3": {}, "published": "2014-06-18T18:02:44", "type": "mageia", "title": "Updated qt3 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2014-06-18T18:02:44", "id": "MGASA-2014-0263", "href": "https://advisories.mageia.org/MGASA-2014-0263.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "description": "Resources exhaustion leads to denial of service.", "edition": 1, "cvss3": {}, "published": "2013-12-24T00:00:00", "title": "QT resources exhaustion", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-24T00:00:00", "id": "SECURITYVULNS:VULN:13468", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13468", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2057-1\r\nDecember 17, 2013\r\n\r\nqt4-x11, qtbase-opensource-src vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nQt could be made to consume resources and hang if it processed XML 
data.\r\n\r\nSoftware Description:\r\n- qt4-x11: Qt 4 libraries\r\n- qtbase-opensource-src: Qt 5 libraries\r\n\r\nDetails:\r\n\r\nIt was discovered that QXmlSimpleReader in Qt incorrectly handled XML\r\nentity expansion. An attacker could use this flaw to cause Qt applications\r\nto consume large amounts of resources, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libqt4-xml 4:4.8.4+dfsg-0ubuntu18.1\r\n libqt5xml5 5.0.2+dfsg1-7ubuntu11.1\r\n\r\nUbuntu 13.04:\r\n libqt4-xml 4:4.8.4+dfsg-0ubuntu9.5\r\n libqt5xml5 5.0.1+dfsg-0ubuntu4.1\r\n\r\nUbuntu 12.10:\r\n libqt4-xml 4:4.8.3+dfsg-0ubuntu3.2\r\n\r\nUbuntu 12.04 LTS:\r\n libqt4-xml 4:4.8.1-0ubuntu4.5\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2057-1\r\n CVE-2013-4549\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu18.1\r\n https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.2+dfsg1-7ubuntu11.1\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.4+dfsg-0ubuntu9.5\r\n https://launchpad.net/ubuntu/+source/qtbase-opensource-src/5.0.1+dfsg-0ubuntu4.1\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.3+dfsg-0ubuntu3.2\r\n https://launchpad.net/ubuntu/+source/qt4-x11/4:4.8.1-0ubuntu4.5\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "cvss3": {}, "published": "2013-12-24T00:00:00", "title": "[USN-2057-1] Qt vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-24T00:00:00", "id": "SECURITYVULNS:DOC:30136", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:DOC:30136", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2022-04-09T07:38:13", "description": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.", "cvss3": {}, "published": "2013-12-23T22:55:00", "type": "debiancve", "title": "CVE-2013-4549", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-23T22:55:00", "id": "DEBIANCVE:CVE-2013-4549", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4549", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. 
", "edition": 2, "cvss3": {}, "published": "2014-05-06T03:32:31", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt5-qtbase-5.2.1-8.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-05-06T03:32:31", "id": "FEDORA:DBA5B22BB4", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. 
", "edition": 2, "cvss3": {}, "published": "2014-01-23T11:18:08", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt3-3.3.8b-56.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-01-23T11:18:08", "id": "FEDORA:3A77E2145A", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "edition": 2, "cvss3": {}, "published": "2014-01-22T23:03:31", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt-4.8.5-15.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-01-22T23:03:31", "id": "FEDORA:67A2422788", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. 
", "edition": 2, "cvss3": {}, "published": "2014-01-22T23:07:30", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt-4.8.5-15.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-01-22T23:07:30", "id": "FEDORA:D14D0228CC", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. 
", "edition": 2, "cvss3": {}, "published": "2014-01-23T11:11:04", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt3-3.3.8b-56.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-01-23T11:11:04", "id": "FEDORA:63F3122817", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "edition": 2, "cvss3": {}, "published": "2014-05-06T03:40:28", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt5-qtbase-5.2.1-8.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-05-06T03:40:28", "id": "FEDORA:C06512304C", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X 
Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. ", "edition": 2, "cvss3": {}, "published": "2018-06-09T19:47:38", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: qt3-3.3.8b-74.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2016-10040"], "modified": "2018-06-09T19:47:38", "id": "FEDORA:8AF1D60603F7", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. 
", "edition": 2, "cvss3": {}, "published": "2014-06-10T03:05:58", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt3-3.3.8b-58.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2014-06-10T03:05:58", "id": "FEDORA:2B3BE22126", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. 
", "edition": 2, "cvss3": {}, "published": "2014-06-10T02:53:12", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt3-3.3.8b-58.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2014-06-10T02:53:12", "id": "FEDORA:C73FD2141E", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. ", "edition": 2, "cvss3": {}, "published": "2014-05-01T22:22:53", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt-4.8.6-2.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2014-05-01T22:22:53", "id": "FEDORA:24C8621EC2", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. 
This package contains base tools, like string, xml, and network handling. ", "edition": 2, "cvss3": {}, "published": "2014-05-23T18:59:49", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: qt-4.8.6-5.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-0190"], "modified": "2014-05-23T18:59:49", "id": "FEDORA:14DE622969", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. 
", "edition": 2, "cvss3": {}, "published": "2014-07-26T00:11:13", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt-4.8.6-9.fc20.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2014-3970"], "modified": "2014-07-26T00:11:13", "id": "FEDORA:E690D22CFE", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Qt is a GUI software toolkit which simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Qt is written in C++ and is fully object-oriented. This package contains the shared library needed to run Qt 3 applications, as well as the README files for Qt 3. 
", "edition": 2, "cvss3": {}, "published": "2018-06-09T20:44:14", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: qt3-3.3.8b-74.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2016-10040"], "modified": "2018-06-09T20:44:14", "id": "FEDORA:982BB605A2B4", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. 
", "edition": 2, "cvss3": {}, "published": "2015-04-26T12:43:35", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: qt5-qtbase-5.4.1-9.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549", "CVE-2015-0295", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-1860"], "modified": "2015-04-26T12:43:35", "id": "FEDORA:4A539601477B", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:48:26", "description": "Check for the Version of qt3", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22847", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867304", "href": "http://plugins.openvas.org/nasl.php?oid=867304", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867304);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 18:41:36 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22847\");\n\n tag_insight = \"Qt is a GUI software toolkit which simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications\nfor the X Window System.\n\nQt is written in C++ and is fully object-oriented.\n\nThis package contains the shared library needed to run Qt 3\napplications, as well as the README files for Qt 3.\n\";\n\n tag_affected = \"qt3 on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22847\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html\");\n script_summary(\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~56.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:30", "description": "Check for the Version of qt", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22932", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867246", "href": "http://plugins.openvas.org/nasl.php?oid=867246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22932\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867246);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:01 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22932\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22932\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127010.html\");\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~15.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:25", "description": "Check for the Version of qt4-x11", "cvss3": {}, "published": "2013-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for qt4-x11 USN-2057-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:841664", "href": "http://plugins.openvas.org/nasl.php?oid=841664", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2057_1.nasl 8542 2018-01-26 06:57:28Z teissa $\n#\n# Ubuntu Update for qt4-x11 USN-2057-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841664);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 13:26:34 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for qt4-x11 USN-2057-1\");\n\n tag_insight = \"It was discovered that QXmlSimpleReader in Qt incorrectly\nhandled XML entity expansion. An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a denial of\nservice.\";\n\n tag_affected = \"qt4-x11 on Ubuntu 13.10 ,\n Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2057-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2057-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
 script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.3+dfsg-0ubuntu3.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.1-0ubuntu4.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu18.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.2+dfsg1-7ubuntu11.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu9.5\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.1+dfsg-0ubuntu4.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:21", "description": "The remote host is missing an update for the 'qt' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-02-05T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22860", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867287", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22860\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867287\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 10:03:39 +0530 (Wed, 05 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22860\");\n script_tag(name:\"affected\", value:\"qt on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
 script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22860\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126984.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~15.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:09", "description": "The remote host is missing an update for the 'qt4-x11' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-12-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for qt4-x11 USN-2057-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841664", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2057_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for qt4-x11 USN-2057-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841664\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-23 13:26:34 +0530 (Mon, 23 Dec 2013)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for qt4-x11 USN-2057-1\");\n\n script_tag(name:\"affected\", value:\"qt4-x11 on Ubuntu 13.10,\n Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that QXmlSimpleReader in Qt incorrectly\nhandled XML entity expansion. 
An attacker could use this flaw to cause Qt\napplications to consume large amounts of resources, resulting in a denial of\nservice.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2057-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2057-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt4-x11'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.10|12\\.04 LTS|13\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.3+dfsg-0ubuntu3.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml\", ver:\"4:4.8.1-0ubuntu4.5\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu18.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.2+dfsg1-7ubuntu11.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-xml:i386\", ver:\"4:4.8.4+dfsg-0ubuntu9.5\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt5xml5:i386\", ver:\"5.0.1+dfsg-0ubuntu4.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22847", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867304", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867304\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 18:41:36 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22847\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22847\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", 
rpm:\"qt3~3.3.8b~56.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:49:01", "description": "Check for the Version of qt3", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867251", "href": "http://plugins.openvas.org/nasl.php?oid=867251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867251);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:42 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22883\");\n\n tag_insight = \"Qt is a GUI software toolkit which simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications\nfor the X Window System.\n\nQt is written in C++ and is fully object-oriented.\n\nThis package contains the shared library needed to run Qt 3\napplications, as well as the README files for Qt 3.\n\";\n\n tag_affected = \"qt3 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22883\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\");\n script_summary(\"Check for the Version of qt3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~56.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:19", "description": "The remote host is missing an update for the 'qt' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22932", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22932\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867246\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:01 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22932\");\n script_tag(name:\"affected\", value:\"qt on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22932\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127010.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", 
rpm:\"qt~4.8.5~15.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:41", "description": "Check for the Version of qt5-qtbase", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5710", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867772", "href": "http://plugins.openvas.org/nasl.php?oid=867772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5710\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867772);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:05:57 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5710\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt5-qtbase on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5710\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132648.html\");\n script_summary(\"Check for the Version of qt5-qtbase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:49:00", "description": "Check for the Version of qt5-qtbase", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5680", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867785", "href": "http://plugins.openvas.org/nasl.php?oid=867785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5680\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867785);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:01 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5680\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt5-qtbase on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5680\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132586.html\");\n script_summary(\"Check for the Version of qt5-qtbase\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:55", "description": "Gentoo Linux Local Security Checks GLSA 201403-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201403-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201403-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121164\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:01 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201403-04\");\n script_tag(name:\"insight\", value:\"A vulnerability in QXmlSimpleReaders XML entity parsing has been discovered.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201403-04\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201403-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-qt/qtcore\", unaffected: make_list(\"ge 4.8.5-r1\"), vulnerable: make_list(\"lt 4.8.5-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) 
{\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:28", "description": "The remote host is missing an update for the 'qt5-qtbase' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5710", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867772", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867772", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5710\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867772\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:05:57 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5710\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5710\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132648.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:49:00", "description": "Check for the Version of qt", "cvss3": {}, "published": "2014-02-05T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-22860", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867287", "href": "http://plugins.openvas.org/nasl.php?oid=867287", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2013-22860\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867287);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 10:03:39 +0530 (Wed, 05 Feb 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2013-22860\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22860\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126984.html\");\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~15.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-01-27T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2013-22883", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2013-22883\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867251\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-27 11:19:42 +0530 (Mon, 27 Jan 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2013-22883\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22883\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127047.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", 
rpm:\"qt3~3.3.8b~56.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "description": "The remote host is missing an update for the 'qt5-qtbase' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2014-5680", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2014-5680\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867785\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-12 09:11:01 +0530 (Mon, 12 May 2014)\");\n script_cve_id(\"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2014-5680\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5680\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132586.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.2.1~8.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2018-06-10T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2018-0a0da2f3b7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10040", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874664", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0a0da2f3b7_qt3_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qt3 FEDORA-2018-0a0da2f3b7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874664\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-10 05:57:58 +0200 (Sun, 10 Jun 2018)\");\n script_cve_id(\"CVE-2016-10040\", \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt3 FEDORA-2018-0a0da2f3b7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0a0da2f3b7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O2W3BNHY5P3AWOYWZNGJYDLLXOO52T3C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~74.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:22", "description": "The remote host is missing an update for the 'qt' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-07-28T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2014-8183", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3970", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2014-8183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868016\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:14:10 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-3970\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2014-8183\");\n script_tag(name:\"affected\", value:\"qt on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-8183\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135998.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.6~9.fc20.1\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:25", "description": "The remote host is missing an update for the 'qt' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2014-6083", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0190", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867821", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2014-6083\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867821\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 12:49:52 +0530 (Mon, 26 May 2014)\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2014-6083\");\n script_tag(name:\"affected\", value:\"qt on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6083\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133633.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.6~5.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:13", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2014-6896", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0190", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2014-6896\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867876\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:55:35 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-0190\", \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2014-6896\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6896\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134141.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~58.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2014-6922", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0190", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt3 FEDORA-2014-6922\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867870\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-17 09:54:41 +0530 (Tue, 17 Jun 2014)\");\n script_cve_id(\"CVE-2014-0190\", \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt3 FEDORA-2014-6922\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6922\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~58.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:52", "description": "Check for the Version of qt", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2014-5695", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0190", "CVE-2013-4549"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867744", "href": "http://plugins.openvas.org/nasl.php?oid=867744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2014-5695\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867744);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:12:44 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2014-5695\");\n\n tag_insight = \"Qt is a software toolkit for developing applications.\n\nThis package contains base tools, like string, xml, and network\nhandling.\n\";\n\n tag_affected = \"qt on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-5695\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html\");\n script_summary(\"Check for the Version of qt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.6~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:08", "description": "The remote host is missing an update for the 'qt' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "Fedora Update for qt FEDORA-2014-5695", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0190", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt FEDORA-2014-5695\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867744\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:12:44 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for qt FEDORA-2014-5695\");\n script_tag(name:\"affected\", value:\"qt on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5695\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.6~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the 'qt3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2018-06-10T00:00:00", "type": "openvas", "title": "Fedora Update for qt3 FEDORA-2018-17843a895b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10040", "CVE-2013-4549"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_17843a895b_qt3_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qt3 FEDORA-2018-17843a895b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874667\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-10 05:58:17 +0200 (Sun, 10 Jun 2018)\");\n script_cve_id(\"CVE-2016-10040\", \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt3 FEDORA-2018-17843a895b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"qt3 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-17843a895b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMPQK37WEHT2KHWYTH4WNIAWNFKBUZ3P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt3\", rpm:\"qt3~3.3.8b~74.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:27", "description": "The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-04-27T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtbase FEDORA-2015-6315", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2013-4549", "CVE-2015-1860"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869296", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869296", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for qt5-qtbase FEDORA-2015-6315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869296\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-27 05:38:25 +0200 (Mon, 27 Apr 2015)\");\n script_cve_id(\"CVE-2015-1860\", \"CVE-2015-1859\", \"CVE-2015-1858\", \"CVE-2015-0295\",\n \"CVE-2013-4549\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtbase FEDORA-2015-6315\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtbase'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtbase on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6315\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtbase\", rpm:\"qt5-qtbase~5.4.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:27", "description": "The remote host is missing an update for the Huawei EulerOS\n 'qt' package(s) announced via the EulerOS-SA-2019-2656 advisory.", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qt (EulerOS-SA-2019-2656)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2018-15518", "CVE-2014-0190", "CVE-2018-19872", "CVE-2018-19871", "CVE-2015-0295", "CVE-2013-4549", "CVE-2015-1860"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192656", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2656\");\n script_version(\"2020-01-23T13:12:45+0000\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\", \"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\", \"CVE-2018-15518\", \"CVE-2018-19871\", \"CVE-2018-19872\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:12:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:12:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qt (EulerOS-SA-2019-2656)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2656\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2656\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qt' package(s) announced via the EulerOS-SA-2019-2656 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Qt 5.11. 
A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)\n\nAn issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)\n\nMultiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)\n\nMultiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\nMultiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\nQXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)\n\nThe BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295)\n\nThe GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)\");\n\n script_tag(name:\"affected\", value:\"'qt' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.8.5~13.h6\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:51", "description": "The remote host is missing an update for the Huawei EulerOS\n 'qt' package(s) announced via the EulerOS-SA-2019-2381 advisory.", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for qt (EulerOS-SA-2019-2381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1858", "CVE-2015-1859", "CVE-2018-15518", "CVE-2014-0190", "CVE-2018-19872", "CVE-2018-19871", "CVE-2015-0295", "CVE-2013-4549", "CVE-2015-1860"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192381", "sourceData": "# Copyright (C) 
2020 Greenbone Networks GmbH\n# Text descriptions are largely 
excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2381\");\n script_version(\"2020-01-23T12:52:29+0000\");\n script_cve_id(\"CVE-2013-4549\", \"CVE-2014-0190\", \"CVE-2015-0295\", \"CVE-2015-1858\", \"CVE-2015-1859\", \"CVE-2015-1860\", \"CVE-2018-15518\", \"CVE-2018-19871\", \"CVE-2018-19872\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:52:29 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:52:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for qt (EulerOS-SA-2019-2381)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2381\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2381\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'qt' package(s) announced via the EulerOS-SA-2019-2381 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.(CVE-2013-4549)\n\nAn issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.(CVE-2018-19871)\n\nQXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.(CVE-2018-15518)\n\nAn issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.(CVE-2018-19872)\n\nMultiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.(CVE-2015-1858)\n\nMultiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\nMultiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\nThe BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote 
attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.(CVE-2015-0295)\n\nThe GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.(CVE-2014-0190)\");\n\n script_tag(name:\"affected\", value:\"'qt' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"qt\", rpm:\"qt~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-devel\", rpm:\"qt-devel~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-mysql\", rpm:\"qt-mysql~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-odbc\", rpm:\"qt-odbc~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-postgresql\", rpm:\"qt-postgresql~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qt-x11\", rpm:\"qt-x11~4.8.5~12.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:41:22", "description": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.", "cvss3": {}, 
"published": "2013-12-23T22:55:00", "type": "cve", "title": "CVE-2013-4549", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2021-06-16T12:44:00", "cpe": ["cpe:/a:qt:qt:5.0.2", "cpe:/a:digia:qt:5.1.0"], "id": "CVE-2013-4549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4549", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digia:qt:5.1.0:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:52:40", "description": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to\ncause a denial of service (memory consumption) via an XML Entity Expansion\n(XEE) attack.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/qt4-x11/+bug/1259577>\n", "cvss3": {}, "published": "2013-12-05T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4549", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-05T00:00:00", "id": "UB:CVE-2013-4549", "href": 
"https://ubuntu.com/security/CVE-2013-4549", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nRichard J. Moore reports:\n\nQXmlSimpleReader in Qt versions prior to 5.2 supports\n\t expansion of internal entities in XML documents without\n\t placing restrictions to ensure the document does not cause\n\t excessive memory usage. If an application using this API\n\t processes untrusted data then the application may use\n\t unexpected amounts of memory if a malicious document is\n\t processed.\nIt is possible to construct XML documents using internal\n\t entities that consume large amounts of memory and other\n\t resources to process, this is known as the 'Billion Laughs'\n\t attack. Qt versions prior to 5.2 did not offer protection\n\t against this issue.\n\n\n", "cvss3": {}, "published": "2013-12-05T00:00:00", "type": "freebsd", "title": "qt4-xml -- XML Entity Expansion Denial of Service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-05T00:00:00", "id": "89709E58-D497-11E3-A3D5-5453ED2E2B49", "href": "https://vuxml.freebsd.org/freebsd/89709e58-d497-11e3-a3d5-5453ed2e2b49.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:04", "description": "### Background\n\nThe Qt toolkit is a comprehensive C++ application development framework.\n\n### Description\n\nA vulnerability in QXmlSimpleReader\u2019s XML entity parsing has been 
discovered. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCore, possibly resulting in Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtCore users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtcore-4.8.5-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "gentoo", "title": "QtCore: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2014-03-13T00:00:00", "id": "GLSA-201403-04", "href": "https://security.gentoo.org/glsa/201403-04", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:54:35", "description": "It was discovered that QXmlSimpleReader in Qt incorrectly handled XML \nentity expansion. 
An attacker could use this flaw to cause Qt applications \nto consume large amounts of resources, resulting in a denial of service.\n", "cvss3": {}, "published": "2013-12-17T00:00:00", "type": "ubuntu", "title": "Qt vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4549"], "modified": "2013-12-17T00:00:00", "id": "USN-2057-1", "href": "https://ubuntu.com/security/notices/USN-2057-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}