{"id": "FREEBSD_PKG_4ED0E43C5CEF11EBBAFD3065EC8FD3EC.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)", "description": "Chrome Releases reports :\n\nThis release contains 36 security fixes, including :\n\n- [1137179] Critical CVE-2021-21117: Insufficient policy enforcement\nin Cryptohome. Reported by Rory McNamara on 2020-10-10\n\n- [1161357] High CVE-2021-21118: Insufficient data validation in V8.\nReported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23\n\n- [1160534] High CVE-2021-21119: Use after free in Media. Reported by\nAnonymous on 2020-12-20\n\n- [1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by\nNan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n2020-12-21\n\n- [1161143] High CVE-2021-21121: Use after free in Omnibox. Reported\nby Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22\n\n- [1162131] High CVE-2021-21122: Use after free in Blink. Reported by\nRenata Hodovan on 2020-12-28\n\n- [1137247] High CVE-2021-21123: Insufficient data validation in File\nSystem API. Reported by Maciej Pulikowski on 2020-10-11\n\n- [1131346] High CVE-2021-21124: Potential user after free in Speech\nRecognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of\nLegendsec at Qi'anxin Group on 2020-09-23\n\n- [1152327] High CVE-2021-21125: Insufficient policy enforcement in\nFile System API. Reported by Ron Masas (Imperva) on 2020-11-24\n\n- [1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by\nNed Williamson of Project Zero on 2021-01-05\n\n- [1108126] Medium CVE-2021-21126: Insufficient policy enforcement in\nextensions. Reported by David Erceg on 2020-07-22\n\n- [1115590] Medium CVE-2021-21127: Insufficient policy enforcement in\nextensions. Reported by Jasminder Pal Singh, Web Services Point WSP,\nKotkapura on 2020-08-12\n\n- [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.\nReported by Liang Dong on 2020-10-15\n\n- [1140403] Medium CVE-2021-21129: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1140410] Medium CVE-2021-21130: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1140417] Medium CVE-2021-21131: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1128206] Medium CVE-2021-21132: Inappropriate implementation in\nDevTools. Reported by David Erceg on 2020-09-15\n\n- [1157743] Medium CVE-2021-21133: Insufficient policy enforcement in\nDownloads. Reported by wester0x01 (https://twitter.com/wester0x01) on\n2020-12-11\n\n- [1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info.\nReported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11\n\n- [1157818] Medium CVE-2021-21135: Inappropriate implementation in\nPerformance API. Reported by ndevtk on 2020-12-11\n\n- [1038002] Low CVE-2021-21136: Insufficient policy enforcement in\nWebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on\n2019-12-27\n\n- [1093791] Low CVE-2021-21137: Inappropriate implementation in\nDevTools. Reported by bobblybear on 2020-06-11\n\n- [1122487] Low CVE-2021-21138: Use after free in DevTools. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-08-27\n\n- [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by\nDavid Manouchehri on 2020-10-08\n\n- [1140435] Low CVE-2021-21141: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20", "published": "2021-01-25T00:00:00", "modified": "2021-01-25T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/145316", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?e7ec68ce", "http://www.nessus.org/u?7ab2f89a"], "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "type": "nessus", "lastseen": "2021-02-17T02:48:16", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_88_0_4324_96.NASL", "OPENSUSE-2021-127.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_50.NASL", "GOOGLE_CHROME_88_0_4324_96.NASL", "FEDORA_2021-B7CC24375B.NASL", "OPENSUSE-2021-173.NASL", "FEDORA_2021-48866282E5.NASL", "DEBIAN_DSA-4846.NASL", "OPENSUSE-2021-166.NASL", "GENTOO_GLSA-202101-13.NASL"]}, {"type": "freebsd", "idList": ["4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202101-14", "GLSA-202101-13", "GLSA-202101-04"]}, {"type": "fedora", "idList": ["FEDORA:87F5C30A253B", "FEDORA:E0A463072F31"]}, {"type": "archlinux", "idList": ["ASA-202102-4", "ASA-202101-5", "ASA-202102-5", "ASA-202101-17"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4846-1:CCE83", "DEBIAN:DSA-4827-1:369CF"]}, {"type": "cve", "idList": ["CVE-2021-21129", "CVE-2021-21125", "CVE-2021-21141", "CVE-2021-21124", "CVE-2021-21138", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21133", "CVE-2021-21126", "CVE-2021-21131"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21137", "MS:CVE-2021-21126", "MS:CVE-2021-21136", "MS:CVE-2021-21135", "MS:CVE-2021-21120", "MS:CVE-2021-21132", "MS:CVE-2021-21139", "MS:CVE-2021-21140", "MS:CVE-2021-21133", "MS:CVE-2021-21128"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2021-21121/"]}, {"type": "centos", "idList": ["CESA-2021:0087", "CESA-2021:0053"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0052", "ELSA-2021-0089", "ELSA-2021-0053"]}, {"type": "amazon", "idList": ["ALAS2-2021-1594"]}, {"type": "redhat", "idList": ["RHSA-2021:0087", "RHSA-2021:0089", "RHSA-2021:0052", "RHSA-2021:0053", "RHSA-2021:0160", "RHSA-2021:0054"]}], "modified": "2021-02-17T02:48:16", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-02-17T02:48:16", "rev": 2}, "vulnersScore": 5.0}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145316);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2020-16044\", \"CVE-2021-21117\", \"CVE-2021-21118\", \"CVE-2021-21119\", \"CVE-2021-21120\", \"CVE-2021-21121\", \"CVE-2021-21122\", \"CVE-2021-21123\", \"CVE-2021-21124\", \"CVE-2021-21125\", \"CVE-2021-21126\", \"CVE-2021-21127\", \"CVE-2021-21128\", \"CVE-2021-21129\", \"CVE-2021-21130\", \"CVE-2021-21131\", \"CVE-2021-21132\", \"CVE-2021-21133\", \"CVE-2021-21134\", \"CVE-2021-21135\", \"CVE-2021-21136\", \"CVE-2021-21137\", \"CVE-2021-21138\", \"CVE-2021-21139\", \"CVE-2021-21140\", \"CVE-2021-21141\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 36 security fixes, including :\n\n- [1137179] Critical CVE-2021-21117: Insufficient policy enforcement\nin Cryptohome. Reported by Rory McNamara on 2020-10-10\n\n- [1161357] High CVE-2021-21118: Insufficient data validation in V8.\nReported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23\n\n- [1160534] High CVE-2021-21119: Use after free in Media. Reported by\nAnonymous on 2020-12-20\n\n- [1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by\nNan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n2020-12-21\n\n- [1161143] High CVE-2021-21121: Use after free in Omnibox. Reported\nby Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22\n\n- [1162131] High CVE-2021-21122: Use after free in Blink. Reported by\nRenata Hodovan on 2020-12-28\n\n- [1137247] High CVE-2021-21123: Insufficient data validation in File\nSystem API. Reported by Maciej Pulikowski on 2020-10-11\n\n- [1131346] High CVE-2021-21124: Potential user after free in Speech\nRecognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of\nLegendsec at Qi'anxin Group on 2020-09-23\n\n- [1152327] High CVE-2021-21125: Insufficient policy enforcement in\nFile System API. Reported by Ron Masas (Imperva) on 2020-11-24\n\n- [1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by\nNed Williamson of Project Zero on 2021-01-05\n\n- [1108126] Medium CVE-2021-21126: Insufficient policy enforcement in\nextensions. Reported by David Erceg on 2020-07-22\n\n- [1115590] Medium CVE-2021-21127: Insufficient policy enforcement in\nextensions. Reported by Jasminder Pal Singh, Web Services Point WSP,\nKotkapura on 2020-08-12\n\n- [1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.\nReported by Liang Dong on 2020-10-15\n\n- [1140403] Medium CVE-2021-21129: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1140410] Medium CVE-2021-21130: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1140417] Medium CVE-2021-21131: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\n\n- [1128206] Medium CVE-2021-21132: Inappropriate implementation in\nDevTools. Reported by David Erceg on 2020-09-15\n\n- [1157743] Medium CVE-2021-21133: Insufficient policy enforcement in\nDownloads. Reported by wester0x01 (https://twitter.com/wester0x01) on\n2020-12-11\n\n- [1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info.\nReported by wester0x01 (https://twitter.com/wester0x01) on 2020-12-11\n\n- [1157818] Medium CVE-2021-21135: Inappropriate implementation in\nPerformance API. Reported by ndevtk on 2020-12-11\n\n- [1038002] Low CVE-2021-21136: Insufficient policy enforcement in\nWebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on\n2019-12-27\n\n- [1093791] Low CVE-2021-21137: Inappropriate implementation in\nDevTools. Reported by bobblybear on 2020-06-11\n\n- [1122487] Low CVE-2021-21138: Use after free in DevTools. Reported\nby Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-08-27\n\n- [1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by\nDavid Manouchehri on 2020-10-08\n\n- [1140435] Low CVE-2021-21141: Insufficient policy enforcement in\nFile System API. Reported by Maciej Pulikowski on 2020-10-20\"\n );\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7ec68ce\"\n );\n # https://vuxml.freebsd.org/freebsd/4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ab2f89a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<88.0.4324.96\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "145316", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "scheme": null, "immutableFields": []}

{"fedora": [{"lastseen": "2021-02-12T14:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-01-31T01:10:19", "published": "2021-01-31T01:10:19", "id": "FEDORA:E0A463072F31", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-88.0.4324.96-1.fc32", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-12T14:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-01-24T01:30:29", "published": "2021-01-24T01:30:29", "id": "FEDORA:87F5C30A253B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-88.0.4324.96-1.fc33", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-17T04:47:35", "description": "This update for chromium fixes the following issues :\n\nchromium was updated to 88.0.4324.96 boo#1181137\n\n - CVE-2021-21117: Insufficient policy enforcement in\n Cryptohome\n\n - CVE-2021-21118: Insufficient data validation in V8\n\n - CVE-2021-21119: Use after free in Media\n\n - CVE-2021-21120: Use after free in WebSQL\n\n - CVE-2021-21121: Use after free in Omnibox\n\n - CVE-2021-21122: Use after free in Blink\n\n - CVE-2021-21123: Insufficient data validation in File\n System API\n\n - CVE-2021-21124: Potential user after free in Speech\n Recognizer\n\n - CVE-2021-21125: Insufficient policy enforcement in File\n System API\n\n - CVE-2020-16044: Use after free in WebRTC\n\n - CVE-2021-21126: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21127: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21128: Heap buffer overflow in Blink\n\n - CVE-2021-21129: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21130: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21131: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21132: Inappropriate implementation in DevTools\n\n - CVE-2021-21133: Insufficient policy enforcement in\n Downloads\n\n - CVE-2021-21134: Incorrect security UI in Page Info\n\n - CVE-2021-21135: Inappropriate implementation in\n Performance API\n\n - CVE-2021-21136: Insufficient policy enforcement in\n WebView\n\n - CVE-2021-21137: Inappropriate implementation in DevTools\n\n - CVE-2021-21138: Use after free in DevTools\n\n - CVE-2021-21139: Inappropriate implementation in iframe\n sandbox\n\n - CVE-2021-21140: Uninitialized Use in USB\n\n - CVE-2021-21141: Insufficient policy enforcement in File\n System API", "edition": 3, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2021-173)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-02-01T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2021-173.NASL", "href": "https://www.tenable.com/plugins/nessus/145729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-173.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145729);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2020-16044\", \"CVE-2021-21117\", \"CVE-2021-21118\", \"CVE-2021-21119\", \"CVE-2021-21120\", \"CVE-2021-21121\", \"CVE-2021-21122\", \"CVE-2021-21123\", \"CVE-2021-21124\", \"CVE-2021-21125\", \"CVE-2021-21126\", \"CVE-2021-21127\", \"CVE-2021-21128\", \"CVE-2021-21129\", \"CVE-2021-21130\", \"CVE-2021-21131\", \"CVE-2021-21132\", \"CVE-2021-21133\", \"CVE-2021-21134\", \"CVE-2021-21135\", \"CVE-2021-21136\", \"CVE-2021-21137\", \"CVE-2021-21138\", \"CVE-2021-21139\", \"CVE-2021-21140\", \"CVE-2021-21141\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-173)\");\n script_summary(english:\"Check for the openSUSE-2021-173 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nchromium was updated to 88.0.4324.96 boo#1181137\n\n - CVE-2021-21117: Insufficient policy enforcement in\n Cryptohome\n\n - CVE-2021-21118: Insufficient data validation in V8\n\n - CVE-2021-21119: Use after free in Media\n\n - CVE-2021-21120: Use after free in WebSQL\n\n - CVE-2021-21121: Use after free in Omnibox\n\n - CVE-2021-21122: Use after free in Blink\n\n - CVE-2021-21123: Insufficient data validation in File\n System API\n\n - CVE-2021-21124: Potential user after free in Speech\n Recognizer\n\n - CVE-2021-21125: Insufficient policy enforcement in File\n System API\n\n - CVE-2020-16044: Use after free in WebRTC\n\n - CVE-2021-21126: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21127: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21128: Heap buffer overflow in Blink\n\n - CVE-2021-21129: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21130: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21131: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21132: Inappropriate implementation in DevTools\n\n - CVE-2021-21133: Insufficient policy enforcement in\n Downloads\n\n - CVE-2021-21134: Incorrect security UI in Page Info\n\n - CVE-2021-21135: Inappropriate implementation in\n Performance API\n\n - CVE-2021-21136: Insufficient policy enforcement in\n WebView\n\n - CVE-2021-21137: Inappropriate implementation in DevTools\n\n - CVE-2021-21138: Use after free in DevTools\n\n - CVE-2021-21139: Inappropriate implementation in iframe\n sandbox\n\n - CVE-2021-21140: Uninitialized Use in USB\n\n - CVE-2021-21141: Insufficient policy enforcement in File\n System API\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181137\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-88.0.4324.96-lp152.2.66.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-88.0.4324.96-lp152.2.66.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-88.0.4324.96-lp152.2.66.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-88.0.4324.96-lp152.2.66.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-17T04:47:35", "description": "This update for chromium fixes the following issues :\n\nChromium was updated to 88.0.4324.96 boo#1181137\n\n - CVE-2021-21117: Insufficient policy enforcement in\n Cryptohome\n\n - CVE-2021-21118: Insufficient data validation in V8\n\n - CVE-2021-21119: Use after free in Media\n\n - CVE-2021-21120: Use after free in WebSQL\n\n - CVE-2021-21121: Use after free in Omnibox\n\n - CVE-2021-21122: Use after free in Blink\n\n - CVE-2021-21123: Insufficient data validation in File\n System API\n\n - CVE-2021-21124: Potential user after free in Speech\n Recognizer\n\n - CVE-2021-21125: Insufficient policy enforcement in File\n System API\n\n - CVE-2020-16044: Use after free in WebRTC\n\n - CVE-2021-21126: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21127: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21128: Heap buffer overflow in Blink\n\n - CVE-2021-21129: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21130: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21131: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21132: Inappropriate implementation in DevTools\n\n - CVE-2021-21133: Insufficient policy enforcement in\n Downloads\n\n - CVE-2021-21134: Incorrect security UI in Page Info\n\n - CVE-2021-21135: Inappropriate implementation in\n Performance API\n\n - CVE-2021-21136: Insufficient policy enforcement in\n WebView\n\n - CVE-2021-21137: Inappropriate implementation in DevTools\n\n - CVE-2021-21138: Use after free in DevTools\n\n - CVE-2021-21139: Inappropriate implementation in iframe\n sandbox\n\n - CVE-2021-21140: Uninitialized Use in USB\n\n - CVE-2021-21141: Insufficient policy enforcement in File\n System API", "edition": 3, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-27T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2021-166)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2021-166.NASL", "href": "https://www.tenable.com/plugins/nessus/145485", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-166.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145485);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2020-16044\", \"CVE-2021-21117\", \"CVE-2021-21118\", \"CVE-2021-21119\", \"CVE-2021-21120\", \"CVE-2021-21121\", \"CVE-2021-21122\", \"CVE-2021-21123\", \"CVE-2021-21124\", \"CVE-2021-21125\", \"CVE-2021-21126\", \"CVE-2021-21127\", \"CVE-2021-21128\", \"CVE-2021-21129\", \"CVE-2021-21130\", \"CVE-2021-21131\", \"CVE-2021-21132\", \"CVE-2021-21133\", \"CVE-2021-21134\", \"CVE-2021-21135\", \"CVE-2021-21136\", \"CVE-2021-21137\", \"CVE-2021-21138\", \"CVE-2021-21139\", \"CVE-2021-21140\", \"CVE-2021-21141\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-166)\");\n script_summary(english:\"Check for the openSUSE-2021-166 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nChromium was updated to 88.0.4324.96 boo#1181137\n\n - CVE-2021-21117: Insufficient policy enforcement in\n Cryptohome\n\n - CVE-2021-21118: Insufficient data validation in V8\n\n - CVE-2021-21119: Use after free in Media\n\n - CVE-2021-21120: Use after free in WebSQL\n\n - CVE-2021-21121: Use after free in Omnibox\n\n - CVE-2021-21122: Use after free in Blink\n\n - CVE-2021-21123: Insufficient data validation in File\n System API\n\n - CVE-2021-21124: Potential user after free in Speech\n Recognizer\n\n - CVE-2021-21125: Insufficient policy enforcement in File\n System API\n\n - CVE-2020-16044: Use after free in WebRTC\n\n - CVE-2021-21126: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21127: Insufficient policy enforcement in\n extensions\n\n - CVE-2021-21128: Heap buffer overflow in Blink\n\n - CVE-2021-21129: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21130: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21131: Insufficient policy enforcement in File\n System API\n\n - CVE-2021-21132: Inappropriate implementation in DevTools\n\n - CVE-2021-21133: Insufficient policy enforcement in\n Downloads\n\n - CVE-2021-21134: Incorrect security UI in Page Info\n\n - CVE-2021-21135: Inappropriate implementation in\n Performance API\n\n - CVE-2021-21136: Insufficient policy enforcement in\n WebView\n\n - CVE-2021-21137: Inappropriate implementation in DevTools\n\n - CVE-2021-21138: Use after free in DevTools\n\n - CVE-2021-21139: Inappropriate implementation in iframe\n sandbox\n\n - CVE-2021-21140: Uninitialized Use in USB\n\n - CVE-2021-21141: Insufficient policy enforcement in File\n System API\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181137\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-88.0.4324.96-lp151.2.171.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-88.0.4324.96-lp151.2.171.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-88.0.4324.96-lp151.2.171.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-88.0.4324.96-lp151.2.171.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:26:49", "description": "The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.96. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop_19 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-19T00:00:00", "title": "Google Chrome < 88.0.4324.96 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_88_0_4324_96.NASL", "href": "https://www.tenable.com/plugins/nessus/145071", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145071);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\n \"CVE-2020-16044\",\n \"CVE-2021-21117\",\n \"CVE-2021-21118\",\n \"CVE-2021-21119\",\n \"CVE-2021-21120\",\n \"CVE-2021-21121\",\n \"CVE-2021-21122\",\n \"CVE-2021-21123\",\n \"CVE-2021-21124\",\n \"CVE-2021-21125\",\n \"CVE-2021-21126\",\n \"CVE-2021-21127\",\n \"CVE-2021-21128\",\n \"CVE-2021-21129\",\n \"CVE-2021-21130\",\n \"CVE-2021-21131\",\n \"CVE-2021-21132\",\n \"CVE-2021-21133\",\n \"CVE-2021-21134\",\n \"CVE-2021-21135\",\n \"CVE-2021-21136\",\n \"CVE-2021-21137\",\n \"CVE-2021-21138\",\n \"CVE-2021-21139\",\n \"CVE-2021-21140\",\n \"CVE-2021-21141\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0040-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.96 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.96. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop_19 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7ec68ce\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1160534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1160602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1162131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1131346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1108126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1128206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1038002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1093791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1122487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/937131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1136327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140435\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.96 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'88.0.4324.96', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:53:28", "description": "The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.96. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop_19 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-19T00:00:00", "title": "Google Chrome < 88.0.4324.96 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_88_0_4324_96.NASL", "href": "https://www.tenable.com/plugins/nessus/145072", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145072);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\n \"CVE-2020-16044\",\n \"CVE-2021-21117\",\n \"CVE-2021-21118\",\n \"CVE-2021-21119\",\n \"CVE-2021-21120\",\n \"CVE-2021-21121\",\n \"CVE-2021-21122\",\n \"CVE-2021-21123\",\n \"CVE-2021-21124\",\n \"CVE-2021-21125\",\n \"CVE-2021-21126\",\n \"CVE-2021-21127\",\n \"CVE-2021-21128\",\n \"CVE-2021-21129\",\n \"CVE-2021-21130\",\n \"CVE-2021-21131\",\n \"CVE-2021-21132\",\n \"CVE-2021-21133\",\n \"CVE-2021-21134\",\n \"CVE-2021-21135\",\n \"CVE-2021-21136\",\n \"CVE-2021-21137\",\n \"CVE-2021-21138\",\n \"CVE-2021-21139\",\n \"CVE-2021-21140\",\n \"CVE-2021-21141\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0040-S\");\n\n script_name(english:\"Google Chrome < 88.0.4324.96 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.96. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_01_stable-channel-update-for-desktop_19 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7ec68ce\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1160534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1160602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1161143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1162131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1131346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1152327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1163228\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1108126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1138877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1128206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1157818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1038002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1093791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1122487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/937131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1136327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1140435\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.96 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'88.0.4324.96', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-13T07:57:45", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-48866282e5 advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local\n attacker to perform OS-level privilege escalation via a crafted file. (CVE-2021-21117)\n\n - Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21118)\n\n - Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-21119)\n\n - Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21120)\n\n - Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21121)\n\n - Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21122)\n\n - Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21123)\n\n - Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21124)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21125)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass site isolation via a crafted Chrome Extension. (CVE-2021-21126)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass content security policy via a crafted Chrome Extension. (CVE-2021-21127)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21128)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21129, CVE-2021-21130,\n CVE-2021-21131)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to potentially perform a sandbox escape via a crafted Chrome Extension. (CVE-2021-21132)\n\n - Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker\n who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.\n (CVE-2021-21133)\n\n - Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker\n to spoof security UI via a crafted HTML page. (CVE-2021-21134)\n\n - Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21135)\n\n - Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21136)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to obtain potentially sensitive information from disk via a crafted HTML page. (CVE-2021-21137)\n\n - Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform a sandbox escape via a crafted file. (CVE-2021-21138)\n\n - Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21139)\n\n - Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform out of bounds memory access via via a USB device. (CVE-2021-21140)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass file extension policy via a crafted HTML page. (CVE-2021-21141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "Fedora 33 : chromium (2021-48866282e5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2021-48866282E5.NASL", "href": "https://www.tenable.com/plugins/nessus/145391", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-48866282e5\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145391);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\n \"CVE-2020-16044\",\n \"CVE-2021-21117\",\n \"CVE-2021-21118\",\n \"CVE-2021-21119\",\n \"CVE-2021-21120\",\n \"CVE-2021-21121\",\n \"CVE-2021-21122\",\n \"CVE-2021-21123\",\n \"CVE-2021-21124\",\n \"CVE-2021-21125\",\n \"CVE-2021-21126\",\n \"CVE-2021-21127\",\n \"CVE-2021-21128\",\n \"CVE-2021-21129\",\n \"CVE-2021-21130\",\n \"CVE-2021-21131\",\n \"CVE-2021-21132\",\n \"CVE-2021-21133\",\n \"CVE-2021-21134\",\n \"CVE-2021-21135\",\n \"CVE-2021-21136\",\n \"CVE-2021-21137\",\n \"CVE-2021-21138\",\n \"CVE-2021-21139\",\n \"CVE-2021-21140\",\n \"CVE-2021-21141\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-48866282e5\");\n\n script_name(english:\"Fedora 33 : chromium (2021-48866282e5)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-48866282e5 advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local\n attacker to perform OS-level privilege escalation via a crafted file. (CVE-2021-21117)\n\n - Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21118)\n\n - Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-21119)\n\n - Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21120)\n\n - Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21121)\n\n - Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21122)\n\n - Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21123)\n\n - Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21124)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21125)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass site isolation via a crafted Chrome Extension. (CVE-2021-21126)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass content security policy via a crafted Chrome Extension. (CVE-2021-21127)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21128)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21129, CVE-2021-21130,\n CVE-2021-21131)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to potentially perform a sandbox escape via a crafted Chrome Extension. (CVE-2021-21132)\n\n - Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker\n who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.\n (CVE-2021-21133)\n\n - Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker\n to spoof security UI via a crafted HTML page. (CVE-2021-21134)\n\n - Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21135)\n\n - Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21136)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to obtain potentially sensitive information from disk via a crafted HTML page. (CVE-2021-21137)\n\n - Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform a sandbox escape via a crafted file. (CVE-2021-21138)\n\n - Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21139)\n\n - Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform out of bounds memory access via via a USB device. (CVE-2021-21140)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass file extension policy via a crafted HTML page. (CVE-2021-21141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-48866282e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-88.0.4324.96-1.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-13T07:58:02", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-b7cc24375b advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local\n attacker to perform OS-level privilege escalation via a crafted file. (CVE-2021-21117)\n\n - Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21118)\n\n - Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-21119)\n\n - Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21120)\n\n - Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21121)\n\n - Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21122)\n\n - Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21123)\n\n - Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21124)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21125)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass site isolation via a crafted Chrome Extension. (CVE-2021-21126)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass content security policy via a crafted Chrome Extension. (CVE-2021-21127)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21128)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21129, CVE-2021-21130,\n CVE-2021-21131)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to potentially perform a sandbox escape via a crafted Chrome Extension. (CVE-2021-21132)\n\n - Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker\n who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.\n (CVE-2021-21133)\n\n - Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker\n to spoof security UI via a crafted HTML page. (CVE-2021-21134)\n\n - Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21135)\n\n - Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21136)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to obtain potentially sensitive information from disk via a crafted HTML page. (CVE-2021-21137)\n\n - Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform a sandbox escape via a crafted file. (CVE-2021-21138)\n\n - Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21139)\n\n - Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform out of bounds memory access via via a USB device. (CVE-2021-21140)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass file extension policy via a crafted HTML page. (CVE-2021-21141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "title": "Fedora 32 : chromium (2021-b7cc24375b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-02-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-B7CC24375B.NASL", "href": "https://www.tenable.com/plugins/nessus/145776", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-b7cc24375b\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145776);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\n \"CVE-2020-16044\",\n \"CVE-2021-21117\",\n \"CVE-2021-21118\",\n \"CVE-2021-21119\",\n \"CVE-2021-21120\",\n \"CVE-2021-21121\",\n \"CVE-2021-21122\",\n \"CVE-2021-21123\",\n \"CVE-2021-21124\",\n \"CVE-2021-21125\",\n \"CVE-2021-21126\",\n \"CVE-2021-21127\",\n \"CVE-2021-21128\",\n \"CVE-2021-21129\",\n \"CVE-2021-21130\",\n \"CVE-2021-21131\",\n \"CVE-2021-21132\",\n \"CVE-2021-21133\",\n \"CVE-2021-21134\",\n \"CVE-2021-21135\",\n \"CVE-2021-21136\",\n \"CVE-2021-21137\",\n \"CVE-2021-21138\",\n \"CVE-2021-21139\",\n \"CVE-2021-21140\",\n \"CVE-2021-21141\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-b7cc24375b\");\n\n script_name(english:\"Fedora 32 : chromium (2021-b7cc24375b)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-b7cc24375b advisory.\n\n - Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)\n\n - Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local\n attacker to perform OS-level privilege escalation via a crafted file. (CVE-2021-21117)\n\n - Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-21118)\n\n - Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-21119)\n\n - Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21120)\n\n - Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to\n potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21121)\n\n - Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-21122)\n\n - Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21123)\n\n - Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21124)\n\n - Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96\n allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21125)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass site isolation via a crafted Chrome Extension. (CVE-2021-21126)\n\n - Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass content security policy via a crafted Chrome Extension. (CVE-2021-21127)\n\n - Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21128)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass filesystem restrictions via a crafted HTML page. (CVE-2021-21129, CVE-2021-21130,\n CVE-2021-21131)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to potentially perform a sandbox escape via a crafted Chrome Extension. (CVE-2021-21132)\n\n - Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker\n who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.\n (CVE-2021-21133)\n\n - Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker\n to spoof security UI via a crafted HTML page. (CVE-2021-21134)\n\n - Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21135)\n\n - Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a\n remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2021-21136)\n\n - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker\n to obtain potentially sensitive information from disk via a crafted HTML page. (CVE-2021-21137)\n\n - Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform a sandbox escape via a crafted file. (CVE-2021-21138)\n\n - Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass navigation restrictions via a crafted HTML page. (CVE-2021-21139)\n\n - Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially\n perform out of bounds memory access via via a USB device. (CVE-2021-21140)\n\n - Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote\n attacker to bypass file extension policy via a crafted HTML page. (CVE-2021-21141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-b7cc24375b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\npkgs = [\n {'reference':'chromium-88.0.4324.96-1.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T03:14:50", "description": "The remote host is affected by the vulnerability described in GLSA-202101-13\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "title": "GLSA-202101-13 : Chromium, Google Chrome: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-202101-13.NASL", "href": "https://www.tenable.com/plugins/nessus/145341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-13.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145341);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-16044\", \"CVE-2021-21117\", \"CVE-2021-21118\", \"CVE-2021-21119\", \"CVE-2021-21120\", \"CVE-2021-21121\", \"CVE-2021-21122\", \"CVE-2021-21123\", \"CVE-2021-21124\", \"CVE-2021-21125\", \"CVE-2021-21126\", \"CVE-2021-21127\", \"CVE-2021-21128\", \"CVE-2021-21129\", \"CVE-2021-21130\", \"CVE-2021-21131\", \"CVE-2021-21132\", \"CVE-2021-21133\", \"CVE-2021-21134\", \"CVE-2021-21135\", \"CVE-2021-21136\", \"CVE-2021-21137\", \"CVE-2021-21138\", \"CVE-2021-21139\", \"CVE-2021-21140\", \"CVE-2021-21141\");\n script_xref(name:\"GLSA\", value:\"202101-13\");\n script_xref(name:\"IAVA\", value:\"2021-A-0040-S\");\n\n script_name(english:\"GLSA-202101-13 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-13\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-13\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-88.0.4324.96'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-88.0.4324.96'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 88.0.4324.96\"), vulnerable:make_list(\"lt 88.0.4324.96\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 88.0.4324.96\"), vulnerable:make_list(\"lt 88.0.4324.96\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-18T12:14:50", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected\nby multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.", "edition": 3, "cvss3": {"score": 9.6, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2021-01-26T00:00:00", "title": "Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-01-26T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_88_0_705_50.NASL", "href": "https://www.tenable.com/plugins/nessus/145448", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145448);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/17\");\n\n script_cve_id(\n \"CVE-2020-16044\",\n \"CVE-2021-21118\",\n \"CVE-2021-21119\",\n \"CVE-2021-21120\",\n \"CVE-2021-21121\",\n \"CVE-2021-21122\",\n \"CVE-2021-21123\",\n \"CVE-2021-21124\",\n \"CVE-2021-21125\",\n \"CVE-2021-21126\",\n \"CVE-2021-21127\",\n \"CVE-2021-21128\",\n \"CVE-2021-21129\",\n \"CVE-2021-21130\",\n \"CVE-2021-21131\",\n \"CVE-2021-21132\",\n \"CVE-2021-21133\",\n \"CVE-2021-21134\",\n \"CVE-2021-21135\",\n \"CVE-2021-21136\",\n \"CVE-2021-21137\",\n \"CVE-2021-21139\",\n \"CVE-2021-21140\",\n \"CVE-2021-21141\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 88.0.705.50 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.50. It is, therefore, affected\nby multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n # https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16044\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f11ddceb\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21118\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e38b0261\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21119\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?956993df\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21120\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?86ccd1a7\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21121\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea65fbbf\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21122\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d945c5fd\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21123\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?804c6012\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21124\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6df00137\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21125\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e925c70\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21126\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f33d1708\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21127\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e453c1c0\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21128\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d644083b\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21129\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04560b20\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21130\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3dbc72e7\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21131\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3be82d62\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21132\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?776bc7e6\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21133\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?858149b3\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21134\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3838b7fb\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21135\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c282efb\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21136\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1321a9c\");\n # https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21137\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?970b384a\");\n # https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21139\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6495027\");\n # https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21140\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef57ee24\");\n # https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21141\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a674cb6c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 88.0.705.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '88.0.705.50' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-17T02:03:20", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2020-16044\n Ned Williamson discovered a use-after-free issue in the\n WebRTC implementation.\n\n - CVE-2021-21117\n Rory McNamara discovered a policy enforcement issue in\n Cryptohome.\n\n - CVE-2021-21118\n Tyler Nighswander discovered a data validation issue in\n the v8 JavaScript library.\n\n - CVE-2021-21119\n A use-after-free issue was discovered in media handling.\n\n - CVE-2021-21120\n Nan Wang and Guang Gong discovered a use-after-free\n issue in the WebSQL implementation.\n\n - CVE-2021-21121\n Leecraso and Guang Gong discovered a use-after-free\n issue in the Omnibox.\n\n - CVE-2021-21122\n Renata Hodovan discovered a use-after-free issue in\n Blink/WebKit.\n\n - CVE-2021-21123\n Maciej Pulikowski discovered a data validation issue.\n\n - CVE-2021-21124\n Chaoyang Ding discovered a use-after-free issue in the\n speech recognizer.\n\n - CVE-2021-21125\n Ron Masas discovered a policy enforcement issue.\n\n - CVE-2021-21126\n David Erceg discovered a policy enforcement issue in\n extensions.\n\n - CVE-2021-21127\n Jasminder Pal Singh discovered a policy enforcement\n issue in extensions.\n\n - CVE-2021-21128\n Liang Dong discovered a buffer overflow issue in\n Blink/WebKit.\n\n - CVE-2021-21129\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21130\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21131\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21132\n David Erceg discovered an implementation error in the\n developer tools.\n\n - CVE-2021-21133\n wester0x01 discovered a policy enforcement issue.\n\n - CVE-2021-21134\n wester0x01 discovered a user interface error.\n\n - CVE-2021-21135\n ndevtk discovered an implementation error in the\n Performance API.\n\n - CVE-2021-21136\n Shiv Sahni, Movnavinothan V, and Imdad Mohammed\n discovered a policy enforcement error.\n\n - CVE-2021-21137\n bobbybear discovered an implementation error in the\n developer tools.\n\n - CVE-2021-21138\n Weipeng Jiang discovered a use-after-free issue in the\n developer tools.\n\n - CVE-2021-21139\n Jun Kokatsu discovered an implementation error in the\n iframe sandbox.\n\n - CVE-2021-21140\n David Manouchehri discovered uninitialized memory in the\n USB implementation.\n\n - CVE-2021-21141\n Maciej Pulikowski discovered a policy enforcement error.\n\n - CVE-2021-21142\n Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2021-21143\n Allen Parker and Alex Morgan discovered a buffer\n overflow issue in extensions.\n\n - CVE-2021-21144\n Leecraso and Guang Gong discovered a buffer overflow\n issue.\n\n - CVE-2021-21145\n A use-after-free issue was discovered.\n\n - CVE-2021-21146\n Alison Huffman and Choongwoo Han discovered a\n use-after-free issue.\n\n - CVE-2021-21147\n Roman Starkov discovered an implementation error in the\n skia library.", "edition": 3, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-09T00:00:00", "title": "Debian DSA-4846-1 : chromium - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21143", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21144", "CVE-2021-21128", "CVE-2021-21142", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "modified": "2021-02-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:chromium"], "id": "DEBIAN_DSA-4846.NASL", "href": "https://www.tenable.com/plugins/nessus/146318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4846. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146318);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2020-16044\", \"CVE-2021-21117\", \"CVE-2021-21118\", \"CVE-2021-21119\", \"CVE-2021-21120\", \"CVE-2021-21121\", \"CVE-2021-21122\", \"CVE-2021-21123\", \"CVE-2021-21124\", \"CVE-2021-21125\", \"CVE-2021-21126\", \"CVE-2021-21127\", \"CVE-2021-21128\", \"CVE-2021-21129\", \"CVE-2021-21130\", \"CVE-2021-21131\", \"CVE-2021-21132\", \"CVE-2021-21133\", \"CVE-2021-21134\", \"CVE-2021-21135\", \"CVE-2021-21136\", \"CVE-2021-21137\", \"CVE-2021-21138\", \"CVE-2021-21139\", \"CVE-2021-21140\", \"CVE-2021-21141\", \"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\");\n script_xref(name:\"DSA\", value:\"4846\");\n\n script_name(english:\"Debian DSA-4846-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2020-16044\n Ned Williamson discovered a use-after-free issue in the\n WebRTC implementation.\n\n - CVE-2021-21117\n Rory McNamara discovered a policy enforcement issue in\n Cryptohome.\n\n - CVE-2021-21118\n Tyler Nighswander discovered a data validation issue in\n the v8 JavaScript library.\n\n - CVE-2021-21119\n A use-after-free issue was discovered in media handling.\n\n - CVE-2021-21120\n Nan Wang and Guang Gong discovered a use-after-free\n issue in the WebSQL implementation.\n\n - CVE-2021-21121\n Leecraso and Guang Gong discovered a use-after-free\n issue in the Omnibox.\n\n - CVE-2021-21122\n Renata Hodovan discovered a use-after-free issue in\n Blink/WebKit.\n\n - CVE-2021-21123\n Maciej Pulikowski discovered a data validation issue.\n\n - CVE-2021-21124\n Chaoyang Ding discovered a use-after-free issue in the\n speech recognizer.\n\n - CVE-2021-21125\n Ron Masas discovered a policy enforcement issue.\n\n - CVE-2021-21126\n David Erceg discovered a policy enforcement issue in\n extensions.\n\n - CVE-2021-21127\n Jasminder Pal Singh discovered a policy enforcement\n issue in extensions.\n\n - CVE-2021-21128\n Liang Dong discovered a buffer overflow issue in\n Blink/WebKit.\n\n - CVE-2021-21129\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21130\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21131\n Maciej Pulikowski discovered a policy enforcement issue.\n\n - CVE-2021-21132\n David Erceg discovered an implementation error in the\n developer tools.\n\n - CVE-2021-21133\n wester0x01 discovered a policy enforcement issue.\n\n - CVE-2021-21134\n wester0x01 discovered a user interface error.\n\n - CVE-2021-21135\n ndevtk discovered an implementation error in the\n Performance API.\n\n - CVE-2021-21136\n Shiv Sahni, Movnavinothan V, and Imdad Mohammed\n discovered a policy enforcement error.\n\n - CVE-2021-21137\n bobbybear discovered an implementation error in the\n developer tools.\n\n - CVE-2021-21138\n Weipeng Jiang discovered a use-after-free issue in the\n developer tools.\n\n - CVE-2021-21139\n Jun Kokatsu discovered an implementation error in the\n iframe sandbox.\n\n - CVE-2021-21140\n David Manouchehri discovered uninitialized memory in the\n USB implementation.\n\n - CVE-2021-21141\n Maciej Pulikowski discovered a policy enforcement error.\n\n - CVE-2021-21142\n Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2021-21143\n Allen Parker and Alex Morgan discovered a buffer\n overflow issue in extensions.\n\n - CVE-2021-21144\n Leecraso and Guang Gong discovered a buffer overflow\n issue.\n\n - CVE-2021-21145\n A use-after-free issue was discovered.\n\n - CVE-2021-21146\n Alison Huffman and Choongwoo Han discovered a\n use-after-free issue.\n\n - CVE-2021-21147\n Roman Starkov discovered an implementation error in the\n skia library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-16044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4846\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 88.0.4324.146-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"88.0.4324.146-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-13T21:34:45", "description": "The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2021-0089 advisory.\n\n - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially\n resulted in a use-after-free. We presume that with enough effort it could have been exploited to run\n arbitrary code. (CVE-2020-16044)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-14T00:00:00", "title": "Oracle Linux 8 : thunderbird (ELSA-2021-0089)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16044"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:thunderbird", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2021-0089.NASL", "href": "https://www.tenable.com/plugins/nessus/145012", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0089.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145012);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\"CVE-2020-16044\");\n\n script_name(english:\"Oracle Linux 8 : thunderbird (ELSA-2021-0089)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2021-0089 advisory.\n\n - A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially\n resulted in a use-after-free. We presume that with enough effort it could have been exploited to run\n arbitrary code. (CVE-2020-16044)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0089.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16044\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.6.1-1.0.1.el8_3', 'cpu':'aarch64', 'release':'8', 'allowmaj':TRUE},\n {'reference':'thunderbird-78.6.1-1.0.1.el8_3', 'cpu':'x86_64', 'release':'8', 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-02-12T13:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141"], "description": "Arch Linux Security Advisory ASA-202102-5\n=========================================\n\nSeverity: Critical\nDate : 2021-02-06\nCVE-ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119\nCVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123\nCVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127\nCVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131\nCVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135\nCVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139\nCVE-2021-21140 CVE-2021-21141\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1479\n\nSummary\n=======\n\nThe package opera before version 74.0.3911.75-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, content spoofing and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 74.0.3911.75-1.\n\n# pacman -Syu \"opera>=74.0.3911.75-1\"\n\nThe problems have been fixed upstream in version 74.0.3911.75.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-16044 (arbitrary code execution)\n\nA security issue was found in Firefox before 84.0.2, Thunderbird before\n78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have\nmodified a COOKIE-ECHO chunk in an SCTP packet in a way that\npotentially resulted in a use-after-free. Mozilla presumes that with\nenough effort it could have been exploited to run arbitrary code.\n\n- CVE-2021-21117 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nCryptohome component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21118 (insufficient validation)\n\nAn insufficient data validation security issue was found in the V8\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21119 (arbitrary code execution)\n\nA use after free security issue was found in the Media component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21120 (arbitrary code execution)\n\nA use after free security issue was found in the WebSQL component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21121 (arbitrary code execution)\n\nA use after free security issue was found in the Omnibox component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21122 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21123 (insufficient validation)\n\nAn insufficient data validation security issue was found in the File\nSystem component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21124 (arbitrary code execution)\n\nA potential use after free security issue was found in the Speech\nRecognizer component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21125 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21126 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21127 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21128 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Blink component\nof the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21129 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21130 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21131 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21132 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21133 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nDownloads component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21134 (content spoofing)\n\nAn incorrect security UI security issue was found in the Page Info\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21135 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nPerformance API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21136 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nWebView component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21137 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21138 (arbitrary code execution)\n\nA use after free security issue was found in the DevTools component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21139 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the iframe\nsandbox component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21140 (arbitrary code execution)\n\nAn uninitialized use security issue was found in the USB component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21141 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures, trick the\nuser into performing unwanted actions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/2021/02/opera-74-stable/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1137179\nhttps://crbug.com/1161357\nhttps://crbug.com/1160534\nhttps://crbug.com/1160602\nhttps://crbug.com/1161143\nhttps://crbug.com/1162131\nhttps://crbug.com/1137247\nhttps://crbug.com/1131346\nhttps://crbug.com/1152327\nhttps://crbug.com/1108126\nhttps://crbug.com/1115590\nhttps://crbug.com/1138877\nhttps://crbug.com/1140403\nhttps://crbug.com/1140410\nhttps://crbug.com/1140417\nhttps://crbug.com/1128206\nhttps://crbug.com/1157743\nhttps://crbug.com/1157800\nhttps://crbug.com/1157818\nhttps://crbug.com/1038002\nhttps://crbug.com/1093791\nhttps://crbug.com/1122487\nhttps://crbug.com/937131\nhttps://crbug.com/1136327\nhttps://crbug.com/1140435\nhttps://security.archlinux.org/CVE-2020-16044\nhttps://security.archlinux.org/CVE-2021-21117\nhttps://security.archlinux.org/CVE-2021-21118\nhttps://security.archlinux.org/CVE-2021-21119\nhttps://security.archlinux.org/CVE-2021-21120\nhttps://security.archlinux.org/CVE-2021-21121\nhttps://security.archlinux.org/CVE-2021-21122\nhttps://security.archlinux.org/CVE-2021-21123\nhttps://security.archlinux.org/CVE-2021-21124\nhttps://security.archlinux.org/CVE-2021-21125\nhttps://security.archlinux.org/CVE-2021-21126\nhttps://security.archlinux.org/CVE-2021-21127\nhttps://security.archlinux.org/CVE-2021-21128\nhttps://security.archlinux.org/CVE-2021-21129\nhttps://security.archlinux.org/CVE-2021-21130\nhttps://security.archlinux.org/CVE-2021-21131\nhttps://security.archlinux.org/CVE-2021-21132\nhttps://security.archlinux.org/CVE-2021-21133\nhttps://security.archlinux.org/CVE-2021-21134\nhttps://security.archlinux.org/CVE-2021-21135\nhttps://security.archlinux.org/CVE-2021-21136\nhttps://security.archlinux.org/CVE-2021-21137\nhttps://security.archlinux.org/CVE-2021-21138\nhttps://security.archlinux.org/CVE-2021-21139\nhttps://security.archlinux.org/CVE-2021-21140\nhttps://security.archlinux.org/CVE-2021-21141", "modified": "2021-02-06T00:00:00", "published": "2021-02-06T00:00:00", "id": "ASA-202102-5", "href": "https://security.archlinux.org/ASA-202102-5", "type": "archlinux", "title": "[ASA-202102-5] opera: multiple issues", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-12T13:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141", "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "description": "Arch Linux Security Advisory ASA-202102-4\n=========================================\n\nSeverity: Critical\nDate : 2021-02-06\nCVE-ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119\nCVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123\nCVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127\nCVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131\nCVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135\nCVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139\nCVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143\nCVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147\nCVE-2021-21148\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1478\n\nSummary\n=======\n\nThe package vivaldi before version 3.6.2165.36-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, content spoofing and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 3.6.2165.36-1.\n\n# pacman -Syu \"vivaldi>=3.6.2165.36-1\"\n\nThe problems have been fixed upstream in version 3.6.2165.36.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-16044 (arbitrary code execution)\n\nA security issue was found in Firefox before 84.0.2, Thunderbird before\n78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have\nmodified a COOKIE-ECHO chunk in an SCTP packet in a way that\npotentially resulted in a use-after-free. Mozilla presumes that with\nenough effort it could have been exploited to run arbitrary code.\n\n- CVE-2021-21117 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nCryptohome component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21118 (insufficient validation)\n\nAn insufficient data validation security issue was found in the V8\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21119 (arbitrary code execution)\n\nA use after free security issue was found in the Media component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21120 (arbitrary code execution)\n\nA use after free security issue was found in the WebSQL component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21121 (arbitrary code execution)\n\nA use after free security issue was found in the Omnibox component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21122 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21123 (insufficient validation)\n\nAn insufficient data validation security issue was found in the File\nSystem component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21124 (arbitrary code execution)\n\nA potential use after free security issue was found in the Speech\nRecognizer component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21125 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21126 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21127 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21128 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Blink component\nof the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21129 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21130 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21131 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21132 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21133 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nDownloads component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21134 (content spoofing)\n\nAn incorrect security UI security issue was found in the Page Info\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21135 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nPerformance API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21136 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nWebView component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21137 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21138 (arbitrary code execution)\n\nA use after free security issue was found in the DevTools component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21139 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the iframe\nsandbox component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21140 (arbitrary code execution)\n\nAn uninitialized use security issue was found in the USB component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21141 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21142 (arbitrary code execution)\n\nA use after free security issue was found in the Payments component of\nthe Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21143 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Extensions\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21144 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Groups\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21145 (arbitrary code execution)\n\nA use after free security issue was found in the Fonts component of the\nChromium browser before version 88.0.4324.146.\n\n- CVE-2021-21146 (arbitrary code execution)\n\nA use after free security issue was found in the Navigation component\nof the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21147 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Skia\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21148 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the V8 component of\nthe Chromium browser before version 88.0.4324.150.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures, trick the\nuser into performing unwanted actions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1137179\nhttps://crbug.com/1161357\nhttps://crbug.com/1160534\nhttps://crbug.com/1160602\nhttps://crbug.com/1161143\nhttps://crbug.com/1162131\nhttps://crbug.com/1137247\nhttps://crbug.com/1131346\nhttps://crbug.com/1152327\nhttps://crbug.com/1108126\nhttps://crbug.com/1115590\nhttps://crbug.com/1138877\nhttps://crbug.com/1140403\nhttps://crbug.com/1140410\nhttps://crbug.com/1140417\nhttps://crbug.com/1128206\nhttps://crbug.com/1157743\nhttps://crbug.com/1157800\nhttps://crbug.com/1157818\nhttps://crbug.com/1038002\nhttps://crbug.com/1093791\nhttps://crbug.com/1122487\nhttps://crbug.com/937131\nhttps://crbug.com/1136327\nhttps://crbug.com/1140435\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\nhttps://crbug.com/1169317\nhttps://crbug.com/1163504\nhttps://crbug.com/1163845\nhttps://crbug.com/1154965\nhttps://crbug.com/1161705\nhttps://crbug.com/1162942\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\nhttps://crbug.com/1170176\nhttps://security.archlinux.org/CVE-2020-16044\nhttps://security.archlinux.org/CVE-2021-21117\nhttps://security.archlinux.org/CVE-2021-21118\nhttps://security.archlinux.org/CVE-2021-21119\nhttps://security.archlinux.org/CVE-2021-21120\nhttps://security.archlinux.org/CVE-2021-21121\nhttps://security.archlinux.org/CVE-2021-21122\nhttps://security.archlinux.org/CVE-2021-21123\nhttps://security.archlinux.org/CVE-2021-21124\nhttps://security.archlinux.org/CVE-2021-21125\nhttps://security.archlinux.org/CVE-2021-21126\nhttps://security.archlinux.org/CVE-2021-21127\nhttps://security.archlinux.org/CVE-2021-21128\nhttps://security.archlinux.org/CVE-2021-21129\nhttps://security.archlinux.org/CVE-2021-21130\nhttps://security.archlinux.org/CVE-2021-21131\nhttps://security.archlinux.org/CVE-2021-21132\nhttps://security.archlinux.org/CVE-2021-21133\nhttps://security.archlinux.org/CVE-2021-21134\nhttps://security.archlinux.org/CVE-2021-21135\nhttps://security.archlinux.org/CVE-2021-21136\nhttps://security.archlinux.org/CVE-2021-21137\nhttps://security.archlinux.org/CVE-2021-21138\nhttps://security.archlinux.org/CVE-2021-21139\nhttps://security.archlinux.org/CVE-2021-21140\nhttps://security.archlinux.org/CVE-2021-21141\nhttps://security.archlinux.org/CVE-2021-21142\nhttps://security.archlinux.org/CVE-2021-21143\nhttps://security.archlinux.org/CVE-2021-21144\nhttps://security.archlinux.org/CVE-2021-21145\nhttps://security.archlinux.org/CVE-2021-21146\nhttps://security.archlinux.org/CVE-2021-21147\nhttps://security.archlinux.org/CVE-2021-21148", "modified": "2021-02-06T00:00:00", "published": "2021-02-06T00:00:00", "id": "ASA-202102-4", "href": "https://security.archlinux.org/ASA-202102-4", "type": "archlinux", "title": "[ASA-202102-4] vivaldi: multiple issues", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-12T13:10:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Arch Linux Security Advisory ASA-202101-5\n=========================================\n\nSeverity: Critical\nDate : 2021-01-08\nCVE-ID : CVE-2020-16044\nPackage : firefox\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1413\n\nSummary\n=======\n\nThe package firefox before version 84.0.2-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 84.0.2-1.\n\n# pacman -Syu \"firefox>=84.0.2-1\"\n\nThe problem has been fixed upstream in version 84.0.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue was found in Firefox before 84.0.2. A malicious peer\ncould have modified a COOKIE-ECHO chunk in a SCTP packet in a way that\npotentially resulted in a use-after-free. Mozilla presumes that with\nenough effort it could have been exploited to run arbitrary code.\n\nImpact\n======\n\nA remote attacker might be able to execute arbitrary code via a crafted\nSCTP packet.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://security.archlinux.org/CVE-2020-16044", "modified": "2021-01-08T00:00:00", "published": "2021-01-08T00:00:00", "id": "ASA-202101-5", "href": "https://security.archlinux.org/ASA-202101-5", "type": "archlinux", "title": "[ASA-202101-5] firefox: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2021-02-12T15:26:38", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "description": "\nChrome Releases reports:\n\nThis release contains 36 security fixes, including:\n\n[1137179] Critical CVE-2021-21117: Insufficient policy\n\t enforcement in Cryptohome. Reported by Rory McNamara on\n\t 2020-10-10\n[1161357] High CVE-2021-21118: Insufficient data validation in\n\t V8. Reported by Tyler Nighswander (@tylerni7) of Theori on\n\t 2020-12-23\n[1160534] High CVE-2021-21119: Use after free in Media. Reported\n\t by Anonymous on 2020-12-20\n[1160602] High CVE-2021-21120: Use after free in WebSQL.\n\t Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha\n\t Lab on 2020-12-21\n[1161143] High CVE-2021-21121: Use after free in Omnibox.\n\t Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2020-12-22\n[1162131] High CVE-2021-21122: Use after free in Blink. Reported\n\t by Renata Hodovan on 2020-12-28\n[1137247] High CVE-2021-21123: Insufficient data validation in\n\t File System API. Reported by Maciej Pulikowski on 2020-10-11\n[1131346] High CVE-2021-21124: Potential user after free in\n\t Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from\n\t Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23\n[1152327] High CVE-2021-21125: Insufficient policy enforcement\n\t in File System API. Reported by Ron Masas (Imperva) on\n\t 2020-11-24\n[1163228] High CVE-2020-16044: Use after free in WebRTC.\n\t Reported by Ned Williamson of Project Zero on 2021-01-05\n[1108126] Medium CVE-2021-21126: Insufficient policy enforcement\n\t in extensions. Reported by David Erceg on 2020-07-22\n[1115590] Medium CVE-2021-21127: Insufficient policy enforcement\n\t in extensions. Reported by Jasminder Pal Singh, Web Services Point\n\t WSP, Kotkapura on 2020-08-12\n[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.\n\t Reported by Liang Dong on 2020-10-15\n[1140403] Medium CVE-2021-21129: Insufficient policy enforcement\n\t in File System API. Reported by Maciej Pulikowski on\n\t 2020-10-20\n[1140410] Medium CVE-2021-21130: Insufficient policy enforcement\n\t in File System API. Reported by Maciej Pulikowski on\n\t 2020-10-20\n[1140417] Medium CVE-2021-21131: Insufficient policy enforcement\n\t in File System API. Reported by Maciej Pulikowski on\n\t 2020-10-20\n[1128206] Medium CVE-2021-21132: Inappropriate implementation in\n\t DevTools. Reported by David Erceg on 2020-09-15\n[1157743] Medium CVE-2021-21133: Insufficient policy enforcement\n\t in Downloads. Reported by wester0x01\n\t (https://twitter.com/wester0x01) on 2020-12-11\n[1157800] Medium CVE-2021-21134: Incorrect security UI in Page\n\t Info. Reported by wester0x01 (https://twitter.com/wester0x01) on\n\t 2020-12-11\n[1157818] Medium CVE-2021-21135: Inappropriate implementation in\n\t Performance API. Reported by ndevtk on 2020-12-11\n[1038002] Low CVE-2021-21136: Insufficient policy enforcement in\n\t WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad\n\t Mohammed on 2019-12-27\n[1093791] Low CVE-2021-21137: Inappropriate implementation in\n\t DevTools. Reported by bobblybear on 2020-06-11\n[1122487] Low CVE-2021-21138: Use after free in DevTools.\n\t Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec\n\t at Qi'anxin Group on 2020-08-27\n[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported\n\t by David Manouchehri on 2020-10-08\n[1140435] Low CVE-2021-21141: Insufficient policy enforcement in\n\t File System API. Reported by Maciej Pulikowski on 2020-10-20\n\n\n", "edition": 2, "modified": "2021-01-19T00:00:00", "published": "2021-01-19T00:00:00", "id": "4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/4ed0e43c-5cef-11eb-bafd-3065ec8fd3ec.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2021-01-22T19:27:19", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21128", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-88.0.4324.96\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-88.0.4324.96\"", "edition": 1, "modified": "2021-01-22T00:00:00", "published": "2021-01-22T00:00:00", "id": "GLSA-202101-13", "href": "https://security.gentoo.org/glsa/202101-13", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-22T19:27:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nA use-after-free bug was discovered in Mozilla Thunderbird handling of SCTP. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-78.6.1\"\n \n\nAll Mozilla Thunderbird binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-78.6.1\"", "edition": 1, "modified": "2021-01-22T00:00:00", "published": "2021-01-22T00:00:00", "id": "GLSA-202101-14", "href": "https://security.gentoo.org/glsa/202101-14", "title": "Mozilla Thunderbird: Remote code execution", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2021-02-13T01:23:35", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21139", "CVE-2021-21137", "CVE-2021-21119", "CVE-2021-21123", "CVE-2021-21141", "CVE-2021-21125", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21120", "CVE-2021-21131", "CVE-2021-21143", "CVE-2021-21132", "CVE-2021-21134", "CVE-2021-21127", "CVE-2021-21121", "CVE-2020-16044", "CVE-2021-21118", "CVE-2021-21135", "CVE-2021-21140", "CVE-2021-21117", "CVE-2021-21124", "CVE-2021-21144", "CVE-2021-21128", "CVE-2021-21142", "CVE-2021-21138", "CVE-2021-21126", "CVE-2021-21136", "CVE-2021-21130", "CVE-2021-21133", "CVE-2021-21129", "CVE-2021-21122"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4846-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nFebruary 07, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119\n CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123\n CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127\n CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131\n CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135\n CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139\n CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143\n CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2020-16044\n\n Ned Williamson discovered a use-after-free issue in the WebRTC\n implementation.\n\nCVE-2021-21117\n\n Rory McNamara discovered a policy enforcement issue in Cryptohome.\n\nCVE-2021-21118\n\n Tyler Nighswander discovered a data validation issue in the v8 javascript\n library.\n\nCVE-2021-21119\n\n A use-after-free issue was discovered in media handling.\n\nCVE-2021-21120\n\n Nan Wang and Guang Gong discovered a use-after-free issue in the WebSQL\n implementation.\n\nCVE-2021-21121\n\n Leecraso and Guang Gong discovered a use-after-free issue in the Omnibox.\n\nCVE-2021-21122\n\n Renata Hodovan discovered a use-after-free issue in Blink/WebKit.\n\nCVE-2021-21123\n\n Maciej Pulikowski discovered a data validation issue.\n\nCVE-2021-21124\n\n Chaoyang Ding discovered a use-after-free issue in the speech recognizer.\n\nCVE-2021-21125\n\n Ron Masas discovered a policy enforcement issue.\n\nCVE-2021-21126\n\n David Erceg discovered a policy enforcement issue in extensions.\n\nCVE-2021-21127\n\n Jasminder Pal Singh discovered a policy enforcement issue in extensions.\n\nCVE-2021-21128\n\n Liang Dong discovered a buffer overflow issue in Blink/WebKit.\n\nCVE-2021-21129\n\n Maciej Pulikowski discovered a policy enforcement issue.\n\nCVE-2021-21130\n\n Maciej Pulikowski discovered a policy enforcement issue.\n\nCVE-2021-21131\n\n Maciej Pulikowski discovered a policy enforcement issue.\n\nCVE-2021-21132\n\n David Erceg discovered an implementation error in the developer tools.\n\nCVE-2021-21133\n\n wester0x01 discovered a policy enforcement issue.\n\nCVE-2021-21134\n\n wester0x01 discovered a user interface error.\n\nCVE-2021-21135\n\n ndevtk discovered an implementation error in the Performance API.\n\nCVE-2021-21136\n\n Shiv Sahni, Movnavinothan V, and Imdad Mohammed discovered a policy\n enforcement error.\n\nCVE-2021-21137\n\n bobbybear discovered an implementation error in the developer tools.\n\nCVE-2021-21138\n\n Weipeng Jiang discovered a use-after-free issue in the developer tools.\n\nCVE-2021-21139\n\n Jun Kokatsu discovered an implementation error in the iframe sandbox.\n\nCVE-2021-21140\n\n David Manouchehri discovered uninitialized memory in the USB\n implementation.\n\nCVE-2021-21141\n\n Maciej Pulikowski discovered a policy enforcement error.\n\nCVE-2021-21142\n\n Khalil Zhani discovered a use-after-free issue.\n\nCVE-2021-21143\n\n Allen Parker and Alex Morgan discovered a buffer overflow issue in\n extensions.\n\nCVE-2021-21144\n\n Leecraso and Guang Gong discovered a buffer overflow issue.\n\nCVE-2021-21145\n\n A use-after-free issue was discovered.\n\nCVE-2021-21146\n\n Alison Huffman and Choongwoo Han discovered a use-after-free issue.\n\nCVE-2021-21147\n\n Roman Starkov discovered an implementation error in the skia library.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 88.0.4324.146-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2021-02-07T19:07:57", "published": "2021-02-07T19:07:57", "id": "DEBIAN:DSA-4846-1:CCE83", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00027.html", "title": "[SECURITY] [DSA 4846-1] chromium security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-13T01:20:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2521-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJanuary 08, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nVersion : 78.6.1esr-1~deb9u1\nCVE ID : CVE-2020-16044\n\nA security issue was found in the Mozilla Firefox web browser, which\ncould potentially result in the execution of arbitrary code.\n\nFor Debian 9 stretch, this problem has been fixed in version\n78.6.1esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFor the detailed security status of firefox-esr please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/firefox-esr\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 4, "modified": "2021-01-08T09:03:36", "published": "2021-01-08T09:03:36", "id": "DEBIAN:DLA-2521-1:C8DC4", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202101/msg00009.html", "title": "[SECURITY] [DLA 2521-1] firefox-esr security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-12T14:58:56", "description": "Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21138", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21138"], "modified": "2021-02-11T21:40:00", "cpe": [], "id": "CVE-2021-21138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21138", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-12T14:58:56", "description": "Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.", "edition": 2, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21117", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21117"], "modified": "2021-02-11T21:06:00", "cpe": [], "id": "CVE-2021-21117", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21117", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2021-03-16T12:41:46", "description": "Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21137", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21137"], "modified": "2021-03-15T17:34:00", "cpe": [], "id": "CVE-2021-21137", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21137", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-03-09T20:42:36", "description": "Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21134", "type": "cve", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21134"], "modified": "2021-03-08T18:52:00", "cpe": [], "id": "CVE-2021-21134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-03-05T16:41:20", "description": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21129", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21129"], "modified": "2021-03-04T18:15:00", "cpe": [], "id": "CVE-2021-21129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21129", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-03-09T20:42:36", "description": "Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21124", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21124"], "modified": "2021-03-08T18:49:00", "cpe": [], "id": "CVE-2021-21124", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21124", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-26T14:32:00", "description": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21141", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21141"], "modified": "2021-02-25T22:31:00", "cpe": [], "id": "CVE-2021-21141", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21141", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-03-05T16:41:20", "description": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21131", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21131"], "modified": "2021-03-04T18:04:00", "cpe": [], "id": "CVE-2021-21131", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21131", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-03-05T16:41:20", "description": "Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21130", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21130"], "modified": "2021-03-04T18:15:00", "cpe": [], "id": "CVE-2021-21130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21130", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-03-09T20:42:36", "description": "Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-09T14:15:00", "title": "CVE-2021-21123", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21123"], "modified": "2021-03-08T18:39:00", "cpe": [], "id": "CVE-2021-21123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21123", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "mscve": [{"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21137"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "published": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21137", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21137", "type": "mscve", "title": "Chromium CVE-2021-21137: Inappropriate implementation in DevTools", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21132"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "published": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21132", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21132", "type": "mscve", "title": "Chromium CVE-2021-21132: Inappropriate implementation in DevTools", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21140"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "published": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21140", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21140", "type": "mscve", "title": "Chromium CVE-2021-21140: Uninitialized Use in USB", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21133"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21133", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21133: Insufficient policy enforcement in Downloads", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-18T19:14:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21122"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21122", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21122", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21122: Use after free in Blink", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T19:14:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21126"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21126", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21126", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21126: Insufficient policy enforcement in extensions", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21139"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21139", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21139", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21139: Inappropriate implementation in iframe sandbox", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-18T19:14:29", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21120"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21120", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21120", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21120: Use after free in WebSQL", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T19:14:29", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21118"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21118", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium: CVE-2021-21118 Insufficient data validation in V8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T19:14:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21135"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "modified": "2021-01-21T08:00:00", "id": "MS:CVE-2021-21135", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135", "published": "2021-01-21T08:00:00", "type": "mscve", "title": "Chromium CVE-2021-21135: Inappropriate implementation in Performance API", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "metasploit": [{"lastseen": "2021-04-15T14:07:50", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "SUSE: CVE-2021-21121: SUSE Linux Security Advisory", "bulletinFamily": "exploit", "cvelist": ["CVE-2021-21121"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/SUSE-CVE-2021-21121/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2021-02-12T15:32:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**CentOS Errata and Security Advisory** CESA-2021:0053\n\n\nMozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-January/048243.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\n", "edition": 2, "modified": "2021-01-15T20:13:17", "published": "2021-01-15T20:13:17", "id": "CESA-2021:0053", "href": "http://lists.centos.org/pipermail/centos-announce/2021-January/048243.html", "title": "firefox security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T15:38:18", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**CentOS Errata and Security Advisory** CESA-2021:0087\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-January/048244.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n", "edition": 2, "modified": "2021-01-15T20:31:45", "published": "2021-01-15T20:31:45", "id": "CESA-2021:0087", "href": "http://lists.centos.org/pipermail/centos-announce/2021-January/048244.html", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-02-12T15:40:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "**Issue Overview:**\n\nA malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code. ([CVE-2020-16044 __](<https://access.redhat.com/security/cve/CVE-2020-16044>))\n\n \n**Affected Packages:** \n\n\nthunderbird\n\n \n**Issue Correction:** \nRun _yum update thunderbird_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n thunderbird-78.6.1-1.amzn2.aarch64 \n thunderbird-debuginfo-78.6.1-1.amzn2.aarch64 \n \n src: \n thunderbird-78.6.1-1.amzn2.src \n \n x86_64: \n thunderbird-78.6.1-1.amzn2.x86_64 \n thunderbird-debuginfo-78.6.1-1.amzn2.x86_64 \n \n \n", "edition": 2, "modified": "2021-01-25T23:10:00", "published": "2021-01-25T23:10:00", "id": "ALAS2-2021-1594", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1594.html", "title": "Critical: thunderbird", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-02-12T12:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 78.6.1 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-11T15:12:42", "published": "2021-01-11T14:57:21", "id": "RHSA-2021:0053", "href": "https://access.redhat.com/errata/RHSA-2021:0053", "type": "redhat", "title": "(RHSA-2021:0053) Critical: firefox security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:33:54", "published": "2021-01-13T15:23:19", "id": "RHSA-2021:0089", "href": "https://access.redhat.com/errata/RHSA-2021:0089", "type": "redhat", "title": "(RHSA-2021:0089) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:27:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:38:29", "published": "2021-01-13T15:23:05", "id": "RHSA-2021:0087", "href": "https://access.redhat.com/errata/RHSA-2021:0087", "type": "redhat", "title": "(RHSA-2021:0087) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T12:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 78.6.1.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-13T15:38:29", "published": "2021-01-13T15:23:07", "id": "RHSA-2021:0088", "href": "https://access.redhat.com/errata/RHSA-2021:0088", "type": "redhat", "title": "(RHSA-2021:0088) Critical: thunderbird security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-02-12T16:02:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044"], "description": "[78.6.1-1.0.1]\n- Remove upstream references [Orabug: 30143292]\n- Update distribution for Oracle Linux [Orabug: 30143292]\n- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file\n[78.6.1-1]\n- Update to 78.6.1 build1", "edition": 3, "modified": "2021-01-11T00:00:00", "published": "2021-01-11T00:00:00", "id": "ELSA-2021-0053", "href": "http://linux.oracle.com/errata/ELSA-2021-0053.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}