Google Chrome < 79.0.3945.79 Multiple Vulnerabilities
2019-12-11T00:00:00
ID GOOGLE_CHROME_79_0_3945_79.NASL Type nessus Reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-03-02T00:00:00
Description
The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus
has not tested for this issue but has instead relied only on the application's self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Plugin metadata. This branch runs only when `description` is set: it
# registers the plugin's identifiers, references and scoring through the
# script_* calls, then leaves via exit(0) without performing any check.
if (description)
{
# Numeric plugin ID, plugin revision and the date of the last change.
script_id(131954);
script_version("1.4");
script_cvs_date("Date: 2020/01/10");

# CVEs attributed to this Chrome release (37 entries). The list is not a
# contiguous range: CVE-2019-13731, CVE-2019-13733 and CVE-2019-13760 do not
# appear, so correlate findings on the explicit IDs rather than on a range.
script_cve_id(
"CVE-2019-13725",
"CVE-2019-13726",
"CVE-2019-13727",
"CVE-2019-13728",
"CVE-2019-13729",
"CVE-2019-13730",
"CVE-2019-13732",
"CVE-2019-13734",
"CVE-2019-13735",
"CVE-2019-13736",
"CVE-2019-13737",
"CVE-2019-13738",
"CVE-2019-13739",
"CVE-2019-13740",
"CVE-2019-13741",
"CVE-2019-13742",
"CVE-2019-13743",
"CVE-2019-13744",
"CVE-2019-13745",
"CVE-2019-13746",
"CVE-2019-13747",
"CVE-2019-13748",
"CVE-2019-13749",
"CVE-2019-13750",
"CVE-2019-13751",
"CVE-2019-13752",
"CVE-2019-13753",
"CVE-2019-13754",
"CVE-2019-13755",
"CVE-2019-13756",
"CVE-2019-13757",
"CVE-2019-13758",
"CVE-2019-13759",
"CVE-2019-13761",
"CVE-2019-13762",
"CVE-2019-13763",
"CVE-2019-13764"
);

# Title and one-line summary of what the plugin does.
script_name(english:"Google Chrome < 79.0.3945.79 Multiple Vulnerabilities");
script_summary(english:"Checks version of Google Chrome");

# Synopsis and description text. The description states the limit of this
# check: the finding rests only on the application's self-reported version
# number; no vulnerability is exercised or otherwise confirmed on the host.
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected
by multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus
has not tested for this issue but has instead relied only on the application's self-reported version number.");

# References. The first see_also is a shortened nessus.org link; the URL in
# the comment below is presumably its target (the vendor release post) --
# confirm. The remaining entries are upstream crbug.com issue links.
# https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e80c206");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025067");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1027152");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/944619");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1024758");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025489");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1028862");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1023817");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025466");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025468");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1028863");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1020899");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1013882");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1017441");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/824715");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1005596");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1011950");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1017564");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/754304");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/853670");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/990867");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/999932");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1018528");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/993706");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1010765");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025464");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025465");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025470");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1025471");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/442579");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/696208");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/708595");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/884693");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/979441");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/901789");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1002687");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1004212");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1011600");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/1032080");

# Remediation: move to the fixed build or any later one.
script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 79.0.3945.79 or later.");

# Scoring. Both base vectors describe a network-reachable issue that needs no
# privileges; the v3.0 vector additionally requires user interaction (UI:R).
# Temporal metrics: exploit code unproven (E:U), official fix available
# (RL:OF / RL:O), report confirmed (RC:C).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
# Presumably the single CVE the vectors above were taken from; the other
# listed CVEs may score differently -- confirm per CVE before prioritising.
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13725");

# Static string set by the plugin author, not a live lookup; re-check current
# exploit intelligence before relying on it.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

# Disclosure, patch and plugin publication dates (YYYY/MM/DD).
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/11");

# NOTE(review): "local" presumably means the check works from data collected
# on the host rather than from a network probe -- confirm. The CPE names the
# affected product.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
script_end_attributes();

# Plugin category and the family it is listed under.
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

# Depends on google_chrome_installed.nasl and requires the KB key
# SMB/Google_Chrome/Installed. If that detection did not populate the KB
# (NOTE(review): e.g. the host could not be inspected -- confirm), this plugin
# reports nothing, so a missing finding is not evidence that Chrome is patched.
script_dependencies("google_chrome_installed.nasl");
script_require_keys("SMB/Google_Chrome/Installed");

# End of the metadata pass; the check itself follows the closing brace.
exit(0);
}
# Check body: version comparison only, using data already stored in the KB.
# google_chrome_check_version is presumably defined in this include -- confirm.
include('google_chrome_version.inc');
# Stop here unless a Chrome install was recorded under this KB key.
get_kb_item_or_exit('SMB/Google_Chrome/Installed');
# Fetch every KB entry below SMB/Google_Chrome/.
# NOTE(review): presumably one group of entries per detected install -- confirm.
installs = get_kb_list('SMB/Google_Chrome/*');
# Hand the entries to the helper with 79.0.3945.79 as the fixed build.
# The outcome rests on the recorded version string alone (see the plugin
# description); nothing is tested against the browser itself.
# NOTE(review): severity:SECURITY_WARNING is passed here while the metadata
# carries a CVSS v3.0 base vector of C:H/I:H/A:H -- confirm which of the two
# drives the severity an analyst sees. xss/xsrf are passed as FALSE;
# presumably they stop the helper from flagging the host for those issue
# classes -- confirm against the include.
google_chrome_check_version(installs:installs, fix:'79.0.3945.79', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);
{"id": "GOOGLE_CHROME_79_0_3945_79.NASL", "bulletinFamily": "scanner", "title": "Google Chrome < 79.0.3945.79 Multiple Vulnerabilities", "description": "The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2019-12-11T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/131954", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://crbug.com/1010765", "https://crbug.com/442579", "https://crbug.com/1018528", "https://crbug.com/696208", "https://crbug.com/1023817", "https://crbug.com/853670", "https://crbug.com/1002687", "https://crbug.com/1017564", "https://crbug.com/1028862", "https://crbug.com/1025489", "https://crbug.com/1004212", "https://crbug.com/708595", "https://crbug.com/1011950", "https://crbug.com/999932", "https://crbug.com/1027152", "https://crbug.com/1025470", "https://crbug.com/1013882", "https://crbug.com/990867", "https://crbug.com/944619", "https://crbug.com/1025471", "https://crbug.com/1024758", "https://crbug.com/901789", "https://crbug.com/1025466", "https://crbug.com/1025465", "https://crbug.com/884693", "https://crbug.com/1025067", "https://crbug.com/1025468", "https://crbug.com/979441", "https://crbug.com/754304", "https://crbug.com/1032080", "https://crbug.com/1005596", "https://crbug.com/1025464", "https://crbug.com/1020899", "https://crbug.com/1028863", "https://crbug.com/993706", "https://crbug.com/824715", "https://crbug.com/1017441", "http://www.nessus.org/u?5e80c206", "https://crbug.com/1011600"], "cvelist": ["CVE-2019-13764", "CVE-2019-13763", 
"CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "type": "nessus", "lastseen": "2021-03-01T03:27:20", "edition": 20, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2019-2692.NASL", "DEBIAN_DSA-4606.NASL", "CENTOS8_RHSA-2020-0273.NASL", "MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL", "REDHAT-RHSA-2019-4238.NASL", "GENTOO_GLSA-202003-08.NASL", "UBUNTU_USN-4298-1.NASL", "FEDORA_2020-4355EA258E.NASL", "AL2_ALAS-2020-1394.NASL", "FEDORA_2019-1A10C04281.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815873", "OPENVAS:1361412562310815871", "OPENVAS:1361412562310844360", "OPENVAS:1361412562310852858", "OPENVAS:1361412562310877374", "OPENVAS:1361412562310883170", "OPENVAS:1361412562310704606", "OPENVAS:1361412562310815872", "OPENVAS:1361412562310877318"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2694-1", "OPENSUSE-SU-2019:2692-1"]}, {"type": "redhat", "idList": ["RHSA-2019:4238", "RHSA-2020:0463", "RHSA-2020:0451", "RHSA-2020:0476", "RHSA-2020:0229", "RHSA-2020:1810", "RHSA-2020:0227", "RHSA-2020:2014", "RHSA-2020:0273"]}, {"type": "fedora", "idList": ["FEDORA:9471A606D8C2", "FEDORA:58B4460D22EC"]}, {"type": "kaspersky", "idList": ["KLA11718", "KLA11621"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4606-1:D7F34"]}, {"type": "cve", "idList": ["CVE-2019-13746", "CVE-2019-13755", "CVE-2019-13725", "CVE-2019-13759", "CVE-2019-13743", 
"CVE-2019-13741", "CVE-2019-13728", "CVE-2019-13736", "CVE-2019-13735", "CVE-2019-13739"]}, {"type": "ubuntu", "idList": ["USN-4298-2", "USN-4298-1"]}, {"type": "gentoo", "idList": ["GLSA-202003-08"]}, {"type": "threatpost", "idList": ["THREATPOST:B5964CC2880F7E4AFF1E9C5DEEE5B287"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:AA356DA8CD5E3C69DBEE45AEF6C8C74F"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-0227", "ELSA-2020-1810", "ELSA-2020-0273"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3397E6EF67D4C71C395ED0244548698A", "GOOGLEPROJECTZERO:9523EA61EA974CED8A3D9198CD0D5F6D"]}, {"type": "amazon", "idList": ["ALAS2-2020-1394"]}, {"type": "centos", "idList": ["CESA-2020:0227"]}], "modified": "2021-03-01T03:27:20", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-03-01T03:27:20", "rev": 2}, "vulnersScore": 7.7}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131954);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\n \"CVE-2019-13725\",\n \"CVE-2019-13726\",\n \"CVE-2019-13727\",\n \"CVE-2019-13728\",\n \"CVE-2019-13729\",\n \"CVE-2019-13730\",\n \"CVE-2019-13732\",\n \"CVE-2019-13734\",\n \"CVE-2019-13735\",\n \"CVE-2019-13736\",\n \"CVE-2019-13737\",\n \"CVE-2019-13738\",\n \"CVE-2019-13739\",\n \"CVE-2019-13740\",\n \"CVE-2019-13741\",\n \"CVE-2019-13742\",\n \"CVE-2019-13743\",\n \"CVE-2019-13744\",\n \"CVE-2019-13745\",\n \"CVE-2019-13746\",\n \"CVE-2019-13747\",\n \"CVE-2019-13748\",\n \"CVE-2019-13749\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-13752\",\n \"CVE-2019-13753\",\n \"CVE-2019-13754\",\n \"CVE-2019-13755\",\n \"CVE-2019-13756\",\n \"CVE-2019-13757\",\n \"CVE-2019-13758\",\n \"CVE-2019-13759\",\n \"CVE-2019-13761\",\n \"CVE-2019-13762\",\n \"CVE-2019-13763\",\n \"CVE-2019-13764\"\n );\n\n script_name(english:\"Google Chrome < 79.0.3945.79 Multiple Vulnerabilities\");\n 
script_summary(english:\"Checks version of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.79. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e80c206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1027152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/944619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1024758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1028862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1028863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1020899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1013882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1017441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/824715\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1005596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1011950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1017564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/754304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/853670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/990867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/999932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1018528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/993706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1010765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/442579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/696208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/708595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/884693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/979441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/901789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1002687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1004212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1011600\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://crbug.com/1032080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 79.0.3945.79 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13725\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'79.0.3945.79', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "naslFamily": "Windows", "pluginID": "131954", "cpe": ["cpe:/a:google:chrome"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}
{"nessus": [{"lastseen": "2021-03-01T03:54:12", "description": "The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.79. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-11T00:00:00", "title": "Google Chrome < 79.0.3945.79 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_79_0_3945_79.NASL", "href": "https://www.tenable.com/plugins/nessus/131953", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131953);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\n \"CVE-2019-13725\",\n \"CVE-2019-13726\",\n \"CVE-2019-13727\",\n \"CVE-2019-13728\",\n \"CVE-2019-13729\",\n \"CVE-2019-13730\",\n \"CVE-2019-13732\",\n \"CVE-2019-13734\",\n \"CVE-2019-13735\",\n \"CVE-2019-13736\",\n \"CVE-2019-13737\",\n \"CVE-2019-13738\",\n 
\"CVE-2019-13739\",\n \"CVE-2019-13740\",\n \"CVE-2019-13741\",\n \"CVE-2019-13742\",\n \"CVE-2019-13743\",\n \"CVE-2019-13744\",\n \"CVE-2019-13745\",\n \"CVE-2019-13746\",\n \"CVE-2019-13747\",\n \"CVE-2019-13748\",\n \"CVE-2019-13749\",\n \"CVE-2019-13750\",\n \"CVE-2019-13751\",\n \"CVE-2019-13752\",\n \"CVE-2019-13753\",\n \"CVE-2019-13754\",\n \"CVE-2019-13755\",\n \"CVE-2019-13756\",\n \"CVE-2019-13757\",\n \"CVE-2019-13758\",\n \"CVE-2019-13759\",\n \"CVE-2019-13761\",\n \"CVE-2019-13762\",\n \"CVE-2019-13763\",\n \"CVE-2019-13764\"\n );\n\n script_name(english:\"Google Chrome < 79.0.3945.79 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.79. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2019_12_stable-channel-update-for-desktop advisory. 
Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e80c206\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1027152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/944619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1024758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1028862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1023817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025468\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1028863\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1020899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1013882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1017441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/824715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1005596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1011950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1017564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/754304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/853670\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://crbug.com/990867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/999932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1018528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/993706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1010765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1025471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/442579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/696208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/708595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/884693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/979441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/901789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1002687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1004212\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1011600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1032080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 79.0.3945.79 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13725\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'79.0.3945.79', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:29:32", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 79.0.3945.79.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)\n\n* chromium-browser: Heap buffer overflow in password manager\n(CVE-2019-13726)\n\n* chromium-browser: Insufficient policy enforcement in WebSockets\n(CVE-2019-13727)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)\n\n* chromium-browser: Use after free in WebSockets (CVE-2019-13729)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13730)\n\n* chromium-browser: Use after free in WebAudio (CVE-2019-13732)\n\n* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13764)\n\n* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)\n\n* chromium-browser: Insufficient policy enforcement in autocomplete\n(CVE-2019-13737)\n\n* chromium-browser: Insufficient policy enforcement in navigation\n(CVE-2019-13738)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)\n\n* chromium-browser: Insufficient validation of untrusted input in\nBlink (CVE-2019-13741)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)\n\n* chromium-browser: Incorrect security UI in external protocol\nhandling (CVE-2019-13743)\n\n* chromium-browser: Insufficient policy enforcement in cookies\n(CVE-2019-13744)\n\n* chromium-browser: Insufficient policy enforcement in audio\n(CVE-2019-13745)\n\n* chromium-browser: Insufficient policy enforcement in Omnibox\n(CVE-2019-13746)\n\n* chromium-browser: Uninitialized Use in rendering 
(CVE-2019-13747)\n\n* chromium-browser: Insufficient policy enforcement in developer tools\n(CVE-2019-13748)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)\n\n* chromium-browser: Insufficient data validation in SQLite\n(CVE-2019-13750)\n\n* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)\n\n* chromium-browser: Insufficient policy enforcement in extensions\n(CVE-2019-13754)\n\n* chromium-browser: Insufficient policy enforcement in extensions\n(CVE-2019-13755)\n\n* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)\n\n* chromium-browser: Insufficient policy enforcement in navigation\n(CVE-2019-13758)\n\n* chromium-browser: Incorrect security UI in interstitials\n(CVE-2019-13759)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)\n\n* chromium-browser: Insufficient policy enforcement in downloads\n(CVE-2019-13762)\n\n* chromium-browser: Insufficient policy enforcement in payments\n(CVE-2019-13763)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2019:4238)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", 
"CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-4238.NASL", "href": "https://www.tenable.com/plugins/nessus/132228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4238. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132228);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\");\n script_xref(name:\"RHSA\", value:\"2019:4238\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2019:4238)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 79.0.3945.79.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)\n\n* chromium-browser: Heap buffer overflow in password manager\n(CVE-2019-13726)\n\n* chromium-browser: Insufficient policy enforcement in WebSockets\n(CVE-2019-13727)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)\n\n* chromium-browser: Use after free in WebSockets (CVE-2019-13729)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13730)\n\n* chromium-browser: Use after free in WebAudio (CVE-2019-13732)\n\n* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13764)\n\n* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)\n\n* chromium-browser: Insufficient policy enforcement in autocomplete\n(CVE-2019-13737)\n\n* chromium-browser: Insufficient policy enforcement in navigation\n(CVE-2019-13738)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)\n\n* chromium-browser: Insufficient validation of untrusted input in\nBlink (CVE-2019-13741)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)\n\n* chromium-browser: Incorrect 
security UI in external protocol\nhandling (CVE-2019-13743)\n\n* chromium-browser: Insufficient policy enforcement in cookies\n(CVE-2019-13744)\n\n* chromium-browser: Insufficient policy enforcement in audio\n(CVE-2019-13745)\n\n* chromium-browser: Insufficient policy enforcement in Omnibox\n(CVE-2019-13746)\n\n* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)\n\n* chromium-browser: Insufficient policy enforcement in developer tools\n(CVE-2019-13748)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)\n\n* chromium-browser: Insufficient data validation in SQLite\n(CVE-2019-13750)\n\n* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)\n\n* chromium-browser: Insufficient policy enforcement in extensions\n(CVE-2019-13754)\n\n* chromium-browser: Insufficient policy enforcement in extensions\n(CVE-2019-13755)\n\n* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)\n\n* chromium-browser: Insufficient policy enforcement in navigation\n(CVE-2019-13758)\n\n* chromium-browser: Incorrect security UI in interstitials\n(CVE-2019-13759)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)\n\n* chromium-browser: Insufficient policy enforcement in downloads\n(CVE-2019-13762)\n\n* chromium-browser: Insufficient policy enforcement in payments\n(CVE-2019-13763)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13725\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-13744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2019-13761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13764\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4238\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-79.0.3945.79-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-79.0.3945.79-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", 
cpu:\"i686\", reference:\"chromium-browser-debuginfo-79.0.3945.79-1.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-79.0.3945.79-1.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T17:53:45", "description": "Update to Chromium 79. Fixes the usual giant pile of bugs and security\nissues. This time, the list is :\n\nCVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728\nCVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734\nCVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737\nCVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741\nCVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745\nCVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749\nCVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753\nCVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757\nCVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762\nCVE-2019-13763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-18T00:00:00", "title": "Fedora 31 : chromium (2019-1a10c04281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", 
"CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-1A10C04281.NASL", "href": "https://www.tenable.com/plugins/nessus/132111", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1a10c04281.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132111);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\");\n script_xref(name:\"FEDORA\", value:\"2019-1a10c04281\");\n\n 
script_name(english:\"Fedora 31 : chromium (2019-1a10c04281)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Chromium 79. Fixes the usual giant pile of bugs and security\nissues. This time, the list is :\n\nCVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728\nCVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734\nCVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737\nCVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741\nCVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745\nCVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749\nCVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753\nCVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757\nCVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762\nCVE-2019-13763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a10c04281\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"chromium-79.0.3945.79-1.fc31\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T19:48:33", "description": "This update for chromium fixes the following issues :\n\nChromium was updated to 79.0.3945.79 (boo#1158982)	 \n\n - CVE-2019-13725: Fixed a use after free in Bluetooth\n\n - CVE-2019-13726: Fixed a heap buffer overflow in password\n manager\n\n - CVE-2019-13727: Fixed an insufficient policy enforcement\n in WebSockets\n\n - CVE-2019-13728: Fixed an out of bounds write in V8\n\n - CVE-2019-13729: Fixed a use after free in WebSockets\n\n - CVE-2019-13730: Fixed a type Confusion in V8\n\n - CVE-2019-13732: Fixed a use after free in WebAudio\n\n - CVE-2019-13734: Fixed an out of bounds write in SQLite\n\n - CVE-2019-13735: Fixed an out of bounds write in V8\n\n - CVE-2019-13764: Fixed a type Confusion in V8\n\n - CVE-2019-13736: Fixed an integer overflow in PDFium\n\n - CVE-2019-13737: Fixed an insufficient policy enforcement\n in autocomplete\n\n - CVE-2019-13738: Fixed an insufficient policy enforcement\n in navigation\n\n - CVE-2019-13739: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13740: Fixed an incorrect security UI in\n sharing\n\n - CVE-2019-13741: Fixed an 
insufficient validation of\n untrusted input in Blink\n\n - CVE-2019-13742: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13743: Fixed an incorrect security UI in\n external protocol handling\n\n - CVE-2019-13744: Fixed an insufficient policy enforcement\n in cookies\n\n - CVE-2019-13745: Fixed an insufficient policy enforcement\n in audio\n\n - CVE-2019-13746: Fixed an insufficient policy enforcement\n in Omnibox\n\n - CVE-2019-13747: Fixed an uninitialized Use in rendering\n\n - CVE-2019-13748: Fixed an insufficient policy enforcement\n in developer tools\n\n - CVE-2019-13749: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13750: Fixed an insufficient data validation in\n SQLite\n\n - CVE-2019-13751: Fixed an uninitialized Use in SQLite\n\n - CVE-2019-13752: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13753: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13754: Fixed an insufficient policy enforcement\n in extensions\n\n - CVE-2019-13755: Fixed an insufficient policy enforcement\n in extensions\n\n - CVE-2019-13756: Fixed an incorrect security UI in\n printing\n\n - CVE-2019-13757: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13758: Fixed an insufficient policy enforcement\n in navigation\n\n - CVE-2019-13759: Fixed an incorrect security UI in\n interstitials\n\n - CVE-2019-13761: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13762: Fixed an insufficient policy enforcement\n in downloads\n\n - CVE-2019-13763: Fixed an insufficient policy enforcement\n in payments", "edition": 8, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-12-17T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2019-2692)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", 
"CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "modified": "2019-12-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2019-2692.NASL", "href": "https://www.tenable.com/plugins/nessus/132087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2692.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132087);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", 
\"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2019-2692)\");\n script_summary(english:\"Check for the openSUSE-2019-2692 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nChromium was updated to 79.0.3945.79 (boo#1158982)	 \n\n - CVE-2019-13725: Fixed a use after free in Bluetooth\n\n - CVE-2019-13726: Fixed a heap buffer overflow in password\n manager\n\n - CVE-2019-13727: Fixed an insufficient policy enforcement\n in WebSockets\n\n - CVE-2019-13728: Fixed an out of bounds write in V8\n\n - CVE-2019-13729: Fixed a use after free in WebSockets\n\n - CVE-2019-13730: Fixed a type Confusion in V8\n\n - CVE-2019-13732: Fixed a use after free in WebAudio\n\n - CVE-2019-13734: Fixed an out of bounds write in SQLite\n\n - CVE-2019-13735: Fixed an out of bounds write in V8\n\n - CVE-2019-13764: Fixed a type Confusion in V8\n\n - CVE-2019-13736: Fixed an integer overflow in PDFium\n\n - CVE-2019-13737: Fixed an insufficient policy enforcement\n in autocomplete\n\n - CVE-2019-13738: Fixed an insufficient policy enforcement\n in navigation\n\n - CVE-2019-13739: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13740: Fixed an incorrect security UI in\n sharing\n\n - CVE-2019-13741: Fixed an insufficient validation of\n untrusted input in Blink\n\n - CVE-2019-13742: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13743: Fixed an incorrect security UI in\n external protocol handling\n\n - CVE-2019-13744: Fixed an insufficient policy enforcement\n in cookies\n\n - CVE-2019-13745: Fixed an insufficient policy enforcement\n in audio\n\n - CVE-2019-13746: Fixed an insufficient policy enforcement\n in Omnibox\n\n - CVE-2019-13747: Fixed an uninitialized 
Use in rendering\n\n - CVE-2019-13748: Fixed an insufficient policy enforcement\n in developer tools\n\n - CVE-2019-13749: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13750: Fixed an insufficient data validation in\n SQLite\n\n - CVE-2019-13751: Fixed an uninitialized Use in SQLite\n\n - CVE-2019-13752: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13753: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13754: Fixed an insufficient policy enforcement\n in extensions\n\n - CVE-2019-13755: Fixed an insufficient policy enforcement\n in extensions\n\n - CVE-2019-13756: Fixed an incorrect security UI in\n printing\n\n - CVE-2019-13757: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13758: Fixed an insufficient policy enforcement\n in navigation\n\n - CVE-2019-13759: Fixed an incorrect security UI in\n interstitials\n\n - CVE-2019-13761: Fixed an incorrect security UI in\n Omnibox\n\n - CVE-2019-13762: Fixed an insufficient policy enforcement\n in downloads\n\n - CVE-2019-13763: Fixed an insufficient policy enforcement\n in payments\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1158982\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-79.0.3945.79-lp151.2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-79.0.3945.79-lp151.2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"chromium-79.0.3945.79-lp151.2.51.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-79.0.3945.79-lp151.2.51.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debugsource-79.0.3945.79-lp151.2.51.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T18:05:40", "description": "Update to 79.0.3945.117. Fixes CVE-2020-6377.\n\n----\n\nSecurity fix for CVE-2019-13767.\n\n----\n\nUpdate to Chromium 79. Fixes the usual giant pile of bugs and security\nissues. This time, the list is :\n\nCVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728\nCVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734\nCVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737\nCVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741\nCVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745\nCVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749\nCVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753\nCVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757\nCVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762\nCVE-2019-13763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-21T00:00:00", "title": "Fedora 30 : chromium (2020-4355ea258e)", "type": 
"nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "modified": "2020-01-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2020-4355EA258E.NASL", "href": "https://www.tenable.com/plugins/nessus/133113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4355ea258e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133113);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", 
\"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\", \"CVE-2019-13767\", \"CVE-2020-6377\");\n script_xref(name:\"FEDORA\", value:\"2020-4355ea258e\");\n\n script_name(english:\"Fedora 30 : chromium (2020-4355ea258e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 79.0.3945.117. Fixes CVE-2020-6377.\n\n----\n\nSecurity fix for CVE-2019-13767.\n\n----\n\nUpdate to Chromium 79. Fixes the usual giant pile of bugs and security\nissues. This time, the list is :\n\nCVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728\nCVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734\nCVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737\nCVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741\nCVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745\nCVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749\nCVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753\nCVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757\nCVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762\nCVE-2019-13763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4355ea258e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"chromium-79.0.3945.117-1.fc30\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:14:24", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2019-13725\n Gengming Liu and Jianyu Chen discovered a use-after-free\n issue in the bluetooth implementation.\n\n - CVE-2019-13726\n Sergei Glazunov discovered a buffer overflow issue.\n\n - CVE-2019-13727\n @piochu discovered a policy enforcement error.\n\n - CVE-2019-13728\n Rong Jian and Guang Gong discovered an out-of-bounds\n write error in the v8 JavaScript library.\n\n - CVE-2019-13729\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2019-13730\n Soyeon Park and Wen Xu discovered the use of a wrong\n type in the v8 JavaScript library.\n\n - CVE-2019-13732\n Sergei Glazunov discovered a use-after-free issue in the\n WebAudio implementation.\n\n - CVE-2019-13734\n Wenxiang Qian discovered an out-of-bounds write issue in\n the sqlite library.\n\n - CVE-2019-13735\n Gengming Liu and Zhen Feng discovered an out-of-bounds\n write issue in the v8 JavaScript library.\n\n - CVE-2019-13736\n An integer overflow issue was discovered in the pdfium\n library.\n\n - CVE-2019-13737\n Mark Amery 
discovered a policy enforcement error.\n\n - CVE-2019-13738\n Johnathan Norman and Daniel Clark discovered a policy\n enforcement error.\n\n - CVE-2019-13739\n xisigr discovered a user interface error.\n\n - CVE-2019-13740\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13741\n Michal Bentkowski discovered that user input could be\n incompletely validated.\n\n - CVE-2019-13742\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13743\n Zhiyang Zeng discovered a user interface error.\n\n - CVE-2019-13744\n Prakash discovered a policy enforcement error.\n\n - CVE-2019-13745\n Luan Herrera discovered a policy enforcement error.\n\n - CVE-2019-13746\n David Erceg discovered a policy enforcement error.\n\n - CVE-2019-13747\n Ivan Popelyshev and Andre Bonatti discovered an\n uninitialized value.\n\n - CVE-2019-13748\n David Erceg discovered a policy enforcement error.\n\n - CVE-2019-13749\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13750\n Wenxiang Qian discovered insufficient validation of data\n in the sqlite library.\n\n - CVE-2019-13751\n Wenxiang Qian discovered an uninitialized value in the\n sqlite library.\n\n - CVE-2019-13752\n Wenxiang Qian discovered an out-of-bounds read issue in\n the sqlite library.\n\n - CVE-2019-13753\n Wenxiang Qian discovered an out-of-bounds read issue in\n the sqlite library.\n\n - CVE-2019-13754\n Cody Crews discovered a policy enforcement error.\n\n - CVE-2019-13755\n Masato Kinugawa discovered a policy enforcement error.\n\n - CVE-2019-13756\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13757\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13758\n Khalil Zhani discovered a policy enforcement error.\n\n - CVE-2019-13759\n Wenxu Wu discovered a user interface error.\n\n - CVE-2019-13761\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13762\n csanuragjain discovered a policy enforcement error.\n\n - CVE-2019-13763\n weiwangpp93 
discovered a policy enforcement error.\n\n - CVE-2019-13764\n Soyeon Park and Wen Xu discovered the use of a wrong\n type in the v8 JavaScript library.\n\n - CVE-2019-13767\n Sergei Glazunov discovered a use-after-free issue.\n\n - CVE-2020-6377\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6378\n Antti Levomaki and Christian Jalio discovered a\n use-after-free issue.\n\n - CVE-2020-6379\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2020-6380\n Sergei Glazunov discovered an error verifying extension\n messages.", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-21T00:00:00", "title": "Debian DSA-4606-1 : chromium - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2020-6379", "CVE-2019-13748", "CVE-2019-13755", "CVE-2020-6380", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2020-6378", "CVE-2019-13747"], "modified": "2020-01-21T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:chromium"], "id": "DEBIAN_DSA-4606.NASL", "href": "https://www.tenable.com/plugins/nessus/133109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4606. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133109);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/02\");\n\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\", \"CVE-2019-13767\", \"CVE-2020-6377\", \"CVE-2020-6378\", \"CVE-2020-6379\", \"CVE-2020-6380\");\n script_xref(name:\"DSA\", value:\"4606\");\n\n script_name(english:\"Debian DSA-4606-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2019-13725\n Gengming Liu and Jianyu Chen discovered a use-after-free\n issue in the bluetooth implementation.\n\n - CVE-2019-13726\n Sergei Glazunov discovered a buffer overflow issue.\n\n - CVE-2019-13727\n @piochu discovered a policy enforcement error.\n\n - CVE-2019-13728\n Rong Jian and Guang Gong discovered an out-of-bounds\n write error in the v8 JavaScript library.\n\n - CVE-2019-13729\n Zhe 
Jin discovered a use-after-free issue.\n\n - CVE-2019-13730\n Soyeon Park and Wen Xu discovered the use of a wrong\n type in the v8 JavaScript library.\n\n - CVE-2019-13732\n Sergei Glazunov discovered a use-after-free issue in the\n WebAudio implementation.\n\n - CVE-2019-13734\n Wenxiang Qian discovered an out-of-bounds write issue in\n the sqlite library.\n\n - CVE-2019-13735\n Gengming Liu and Zhen Feng discovered an out-of-bounds\n write issue in the v8 JavaScript library.\n\n - CVE-2019-13736\n An integer overflow issue was discovered in the pdfium\n library.\n\n - CVE-2019-13737\n Mark Amery discovered a policy enforcement error.\n\n - CVE-2019-13738\n Johnathan Norman and Daniel Clark discovered a policy\n enforcement error.\n\n - CVE-2019-13739\n xisigr discovered a user interface error.\n\n - CVE-2019-13740\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13741\n Michal Bentkowski discovered that user input could be\n incompletely validated.\n\n - CVE-2019-13742\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13743\n Zhiyang Zeng discovered a user interface error.\n\n - CVE-2019-13744\n Prakash discovered a policy enforcement error.\n\n - CVE-2019-13745\n Luan Herrera discovered a policy enforcement error.\n\n - CVE-2019-13746\n David Erceg discovered a policy enforcement error.\n\n - CVE-2019-13747\n Ivan Popelyshev and Andre Bonatti discovered an\n uninitialized value.\n\n - CVE-2019-13748\n David Erceg discovered a policy enforcement error.\n\n - CVE-2019-13749\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13750\n Wenxiang Qian discovered insufficient validation of data\n in the sqlite library.\n\n - CVE-2019-13751\n Wenxiang Qian discovered an uninitialized value in the\n sqlite library.\n\n - CVE-2019-13752\n Wenxiang Qian discovered an out-of-bounds read issue in\n the sqlite library.\n\n - CVE-2019-13753\n Wenxiang Qian discovered an out-of-bounds read issue in\n the sqlite library.\n\n - 
CVE-2019-13754\n Cody Crews discovered a policy enforcement error.\n\n - CVE-2019-13755\n Masato Kinugawa discovered a policy enforcement error.\n\n - CVE-2019-13756\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13757\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13758\n Khalil Zhani discovered a policy enforecement error.\n\n - CVE-2019-13759\n Wenxu Wu discovered a user interface error.\n\n - CVE-2019-13761\n Khalil Zhani discovered a user interface error.\n\n - CVE-2019-13762\n csanuragjain discovered a policy enforecement error.\n\n - CVE-2019-13763\n weiwangpp93 discovered a policy enforecement error.\n\n - CVE-2019-13764\n Soyeon Park and Wen Xu discovered the use of a wrong\n type in the v8 JavaScript library.\n\n - CVE-2019-13767\n Sergei Glazunov discovered a use-after-free issue.\n\n - CVE-2020-6377\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2020-6378\n Antti Levomaki and Christian Jalio discovered a\n use-after-free issue.\n\n - CVE-2020-6379\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2020-6380\n Sergei Glazunov discovered an error verifying extension\n messages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13730\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2019-13732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13736\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13737\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13748\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13767\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-6380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4606\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium packages.\n\nFor the oldstable distribution (stretch), security support for\nchromium has been discontinued.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 79.0.3945.130-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"79.0.3945.130-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-05T19:17:27", "description": "The remote host is affected by the vulnerability described in 
GLSA-202003-08\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n obtain sensitive information, spoof an URL or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-13T00:00:00", "title": "GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6395", "CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2020-6381", "CVE-2019-13758", "CVE-2019-13730", "CVE-2020-6394", "CVE-2020-6397", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2020-6399", "CVE-2020-6392", "CVE-2020-6387", "CVE-2019-13753", "CVE-2020-6412", "CVE-2020-6389", "CVE-2019-13740", "CVE-2020-6390", "CVE-2020-6407", "CVE-2019-13728", "CVE-2019-13741", "CVE-2020-6416", "CVE-2020-6410", "CVE-2019-13742", "CVE-2020-6396", "CVE-2019-13749", "CVE-2019-13750", "CVE-2020-6385", "CVE-2019-13738", "CVE-2019-13734", "CVE-2020-6401", "CVE-2020-6414", "CVE-2019-13735", "CVE-2020-6391", "CVE-2020-6420", "CVE-2019-13724", "CVE-2020-6411", "CVE-2020-6400", "CVE-2020-6398", "CVE-2020-6388", "CVE-2020-6413", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13723", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2020-6415", "CVE-2020-6379", "CVE-2019-13748", "CVE-2019-13755", "CVE-2020-6380", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2020-6404", "CVE-2019-13744", "CVE-2019-13757", "CVE-2020-6382", "CVE-2020-6403", "CVE-2020-6406", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2020-6402", "CVE-2020-6418", 
"CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2020-6378", "CVE-2020-6393", "CVE-2019-13747"], "modified": "2020-03-13T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-202003-08.NASL", "href": "https://www.tenable.com/plugins/nessus/134475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-08.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134475);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/04\");\n\n script_cve_id(\"CVE-2019-13723\", \"CVE-2019-13724\", \"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\", \"CVE-2019-13767\", \"CVE-2020-6377\", \"CVE-2020-6378\", \"CVE-2020-6379\", \"CVE-2020-6380\", \"CVE-2020-6381\", \"CVE-2020-6382\", \"CVE-2020-6385\", \"CVE-2020-6387\", \"CVE-2020-6388\", \"CVE-2020-6389\", \"CVE-2020-6390\", \"CVE-2020-6391\", \"CVE-2020-6392\", 
\"CVE-2020-6393\", \"CVE-2020-6394\", \"CVE-2020-6395\", \"CVE-2020-6396\", \"CVE-2020-6397\", \"CVE-2020-6398\", \"CVE-2020-6399\", \"CVE-2020-6400\", \"CVE-2020-6401\", \"CVE-2020-6402\", \"CVE-2020-6403\", \"CVE-2020-6404\", \"CVE-2020-6406\", \"CVE-2020-6407\", \"CVE-2020-6408\", \"CVE-2020-6409\", \"CVE-2020-6410\", \"CVE-2020-6411\", \"CVE-2020-6412\", \"CVE-2020-6413\", \"CVE-2020-6414\", \"CVE-2020-6415\", \"CVE-2020-6416\", \"CVE-2020-6418\", \"CVE-2020-6420\");\n script_xref(name:\"GLSA\", value:\"202003-08\");\n\n script_name(english:\"GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-08\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. 
Please review the referenced CVE identifiers and Google Chrome\n Releases for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n obtain sensitive information, spoof an URL or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-08\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-80.0.3987.132'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-80.0.3987.132'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Google Chrome 80 JSCreate side-effect type confusion exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 80.0.3987.132\"), vulnerable:make_list(\"lt 80.0.3987.132\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 80.0.3987.132\"), vulnerable:make_list(\"lt 80.0.3987.132\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T11:04:03", "description": "It was discovered that SQLite incorrectly handled certain shadow\ntables. 
An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt\nrecords. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree\nrewriting. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP\narchives. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.\n(CVE-2019-19925, CVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during\nparsing. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. 
An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n(CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column\noptimizations. An attacker could use this issue to cause SQLite to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.\n(CVE-2020-9327).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-03-11T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : SQLite vulnerabilities (USN-4298-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-20218", "CVE-2019-13753", "CVE-2020-9327", "CVE-2019-13750", "CVE-2019-13734", "CVE-2019-19926", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-19924", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-13751", "CVE-2019-13752"], "modified": "2020-03-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10", "p-cpe:/a:canonical:ubuntu_linux:sqlite3"], "id": "UBUNTU_USN-4298-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134402", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4298-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134402);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-13734\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-19880\", \"CVE-2019-19923\", \"CVE-2019-19924\", \"CVE-2019-19925\", \"CVE-2019-19926\", \"CVE-2019-19959\", \"CVE-2019-20218\", \"CVE-2020-9327\");\n script_xref(name:\"USN\", value:\"4298-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : SQLite vulnerabilities (USN-4298-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that SQLite incorrectly handled certain shadow\ntables. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt\nrecords. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. 
(CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree\nrewriting. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP\narchives. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.\n(CVE-2019-19925, CVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during\nparsing. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n(CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column\noptimizations. An attacker could use this issue to cause SQLite to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.\n(CVE-2020-9327).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4298-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libsqlite3-0 and / or sqlite3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsqlite3-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libsqlite3-0\", pkgver:\"3.11.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"sqlite3\", pkgver:\"3.11.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libsqlite3-0\", pkgver:\"3.22.0-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"sqlite3\", pkgver:\"3.22.0-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libsqlite3-0\", pkgver:\"3.29.0-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"sqlite3\", pkgver:\"3.29.0-2ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsqlite3-0 / sqlite3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-19T05:30:43", 
"description": "The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2014 advisory.\n\n - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-05-05T00:00:00", "title": "RHEL 7 : sqlite (RHSA-2020:2014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13734"], "modified": "2020-05-05T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_e4s:7.6::computenode", "cpe:/o:redhat:rhel_tus:7.6::computenode", "p-cpe:/a:redhat:enterprise_linux:sqlite-doc", "cpe:/o:redhat:rhel_tus:7.6", "cpe:/o:redhat:rhel_eus:7.6::computenode", "cpe:/o:redhat:rhel_aus:7.6::server", "p-cpe:/a:redhat:enterprise_linux:lemon", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_e4s:7.6::server", "cpe:/o:redhat:rhel_aus:7.6", "p-cpe:/a:redhat:enterprise_linux:sqlite-tcl", "p-cpe:/a:redhat:enterprise_linux:sqlite", "cpe:/o:redhat:rhel_aus:7.6::computenode", "cpe:/o:redhat:rhel_eus:7.6::server", "cpe:/o:redhat:rhel_tus:7.6::server", "p-cpe:/a:redhat:enterprise_linux:sqlite-devel"], "id": "REDHAT-RHSA-2020-2014.NASL", "href": "https://www.tenable.com/plugins/nessus/136322", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2014. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136322);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2019-13734\");\n script_xref(name:\"RHSA\", value:\"2020:2014\");\n\n script_name(english:\"RHEL 7 : sqlite (RHSA-2020:2014)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2014 advisory.\n\n - sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-13734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1781980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13734\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6::server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sqlite-tcl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_aus_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 
'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms'\n ],\n 'rhel_eus_7_6_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-source-rpms'\n ],\n 'rhel_eus_7_6_server': [\n 'rhel-7-for-arm-64-debug-rpms',\n 'rhel-7-for-arm-64-optional-debug-rpms',\n 'rhel-7-for-arm-64-optional-rpms',\n 'rhel-7-for-arm-64-optional-source-rpms',\n 'rhel-7-for-arm-64-rpms',\n 'rhel-7-for-arm-64-source-rpms',\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-rpms',\n 'rhel-7-for-system-z-eus-optional-source-rpms',\n 'rhel-7-for-system-z-eus-rpms',\n 'rhel-7-for-system-z-eus-source-rpms',\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 
'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms'\n ],\n 'rhel_tus_7_6_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2014');\n}\n\npkgs = [\n {'reference':'lemon-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'aarch64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'lemon-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390x', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 
'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'lemon-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'aarch64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'i686', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390x', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-devel-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'aarch64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n 
{'reference':'sqlite-devel-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'i686', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-devel-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-devel-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390x', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-devel-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-doc-3.7.17-8.el7_6.1', 'sp':'6', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-tcl-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'aarch64', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-tcl-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'s390x', 'release':'7', 'el_string':'el7_6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']},\n {'reference':'sqlite-tcl-3.7.17-8.el7_6.1', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_6', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_6_server', 'rhel_e4s_7_6_server', 'rhel_eus_7_6_computenode', 'rhel_eus_7_6_server', 'rhel_tus_7_6_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lemon / sqlite / sqlite-devel / sqlite-doc / sqlite-tcl');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:46:44", "description": "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page. (CVE-2019-13734)", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-02-24T00:00:00", "title": "Amazon Linux 2 : sqlite (ALAS-2020-1394)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13734"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:sqlite-debuginfo", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:sqlite", "p-cpe:/a:amazon:linux:sqlite-tcl", "p-cpe:/a:amazon:linux:lemon", "p-cpe:/a:amazon:linux:sqlite-devel", "p-cpe:/a:amazon:linux:sqlite-doc"], "id": "AL2_ALAS-2020-1394.NASL", "href": "https://www.tenable.com/plugins/nessus/133866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1394.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133866);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/26\");\n\n script_cve_id(\"CVE-2019-13734\");\n script_xref(name:\"ALAS\", value:\"2020-1394\");\n\n script_name(english:\"Amazon Linux 2 : sqlite (ALAS-2020-1394)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page. 
(CVE-2019-13734)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update sqlite' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:lemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:sqlite-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"lemon-3.7.17-8.amzn2.1.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"sqlite-3.7.17-8.amzn2.1.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"sqlite-debuginfo-3.7.17-8.amzn2.1.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"sqlite-devel-3.7.17-8.amzn2.1.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"sqlite-doc-3.7.17-8.amzn2.1.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"sqlite-tcl-3.7.17-8.amzn2.1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lemon / sqlite / sqlite-debuginfo / sqlite-devel / sqlite-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-14T14:48:07", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "The remote host is missing an update for the 'chromium' package(s) announced via the FEDORA-2019-1a10c04281 advisory.", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877318", "type": "openvas", "title": "Fedora Update for chromium FEDORA-2019-1a10c04281", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877318\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13764\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:37:33 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for chromium FEDORA-2019-1a10c04281\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1a10c04281\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2019-1a10c04281 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~79.0.3945.79~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-19T14:36:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", 
"CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-12-18T00:00:00", "published": "2019-12-12T00:00:00", "id": "OPENVAS:1361412562310815871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815871", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-Windows", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815871\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\",\n \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\",\n \"CVE-2019-13735\", \"CVE-2019-13764\", \"CVE-2019-13736\", \"CVE-2019-13737\",\n \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\",\n \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\",\n \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\",\n \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\",\n \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\",\n \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\",\n \"CVE-2019-13763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-12 12:30:31 +0530 (Thu, 12 Dec 2019)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple use after free errors in Bluetooth, WebSockets, 
WebAudio.\n\n - A heap buffer overflow error in password manager.\n\n - An insufficient policy enforcement in WebSockets.\n\n - Multiple out of bounds write errors in V8, SQLite.\n\n - A type confusion error in V8.\n\n - An integer overflow error in PDFium.\n\n - An insufficient policy enforcement in autocomplete, navigation, cookies, audio, omnibox, developer tools, extensions, downloads and payments.\n\n - An incorrect security UI in Omnibox, sharing, external protocol handling, printing, interstitials.\n\n - An insufficient validation of untrusted input in Blink.\n\n - An uninitialized use in rendering.\n\n - An insufficient data validation in SQLite.\n\n - An uninitialized use in SQLite.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose sensitive information, execute arbitrary code, bypass security\n restrictions and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 79.0.3945.79 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 79.0.3945.79\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\");\n script_xref(name:\"URL\", value:\"https://www.google.com/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"79.0.3945.79\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"79.0.3945.79\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-19T14:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", 
"modified": "2019-12-18T00:00:00", "published": "2019-12-12T00:00:00", "id": "OPENVAS:1361412562310815873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815873", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-MAC OS X", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815873\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\",\n \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\",\n \"CVE-2019-13735\", \"CVE-2019-13764\", \"CVE-2019-13736\", \"CVE-2019-13737\",\n \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\",\n \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\",\n \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\",\n \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\",\n 
\"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\",\n \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\",\n \"CVE-2019-13763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-12 12:30:31 +0530 (Thu, 12 Dec 2019)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple use after free errors in Bluetooth, WebSockets, WebAudio.\n\n - A heap buffer overflow error in password manager.\n\n - An insufficient policy enforcement in WebSockets.\n\n - Multiple out of bounds write errors in V8, SQLite.\n\n - A type confusion error in V8.\n\n - An integer overflow error in PDFium.\n\n - An insufficient policy enforcement in autocomplete, navigation, cookies, audio, omnibox, developer tools, extensions, downloads and payments.\n\n - An incorrect security UI in Omnibox, sharing, external protocol handling, printing, interstitials.\n\n - An insufficient validation of untrusted input in Blink.\n\n - An uninitialized use in rendering.\n\n - An insufficient data validation in SQLite.\n\n - An uninitialized use in SQLite.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose sensitive information, execute arbitrary code, bypass security\n restrictions and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 79.0.3945.79 on 
Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 79.0.3945.79\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\");\n script_xref(name:\"URL\", value:\"https://www.google.com/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"79.0.3945.79\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"79.0.3945.79\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:28:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", 
"CVE-2019-13737", "CVE-2019-13747"], "description": "The remote host is missing an update for the 'chromium' package(s) announced via the openSUSE-SU-2019:2692-1 advisory.", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852858", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852858", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2692-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852858\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\",\n \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\",\n \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\",\n \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\",\n \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\",\n \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\",\n \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\",\n \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\",\n \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\",\n \"CVE-2019-13764\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:37:25 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2692-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2692-1\");\n script_xref(name:\"URL\", 
value:\"https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00034.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the openSUSE-SU-2019:2692-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for chromium fixes the following issues:\n\n Chromium was updated to 79.0.3945.79 (boo#1158982)\n\n - CVE-2019-13725: Fixed a use after free in Bluetooth\n\n - CVE-2019-13726: Fixed a heap buffer overflow in password manager\n\n - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets\n\n - CVE-2019-13728: Fixed an out of bounds write in V8\n\n - CVE-2019-13729: Fixed a use after free in WebSockets\n\n - CVE-2019-13730: Fixed a type Confusion in V8\n\n - CVE-2019-13732: Fixed a use after free in WebAudio\n\n - CVE-2019-13734: Fixed an out of bounds write in SQLite\n\n - CVE-2019-13735: Fixed an out of bounds write in V8\n\n - CVE-2019-13764: Fixed a type Confusion in V8\n\n - CVE-2019-13736: Fixed an integer overflow in PDFium\n\n - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete\n\n - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation\n\n - CVE-2019-13739: Fixed an incorrect security UI in Omnibox\n\n - CVE-2019-13740: Fixed an incorrect security UI in sharing\n\n - CVE-2019-13741: Fixed an insufficient validation of untrusted input in\n Blink\n\n - CVE-2019-13742: Fixed an incorrect security UI in Omnibox\n\n - CVE-2019-13743: Fixed an incorrect security UI in external protocol\n handling\n\n - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies\n\n - CVE-2019-13745: Fixed an insufficient policy enforcement in audio\n\n - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox\n\n - CVE-2019-13747: Fixed an uninitialized Use in rendering\n\n - CVE-2019-13748: 
Fixed an insufficient policy enforcement in developer\n tools\n\n - CVE-2019-13749: Fixed an incorrect security UI in Omnibox\n\n - CVE-2019-13750: Fixed an insufficient data validation in SQLite\n\n - CVE-2019-13751: Fixed an uninitialized Use in SQLite\n\n - CVE-2019-13752: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13753: Fixed an out of bounds read in SQLite\n\n - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions\n\n - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions\n\n - CVE-2019-13756: Fixed an incorrect security UI in printing\n\n - CVE-2019-13757: Fixed an incorrect security UI in Omnibox\n\n - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation\n\n - CVE-2019-13759: Fixed an incorrect security UI in interstitials\n\n - CVE-2019-13761: Fixed an incorrect security UI in Omnibox\n\n - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads\n\n - CVE-2019-13763: Fixed an insufficient policy enforcement in payments\n\n Patch Instructions:\n\n To install this openSUSE Security U ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~79.0.3945.79~lp151.2.51.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~79.0.3945.79~lp151.2.51.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~79.0.3945.79~lp151.2.51.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~79.0.3945.79~lp151.2.51.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~79.0.3945.79~lp151.2.51.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-19T14:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", 
"CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2019-12-18T00:00:00", "published": "2019-12-12T00:00:00", "id": "OPENVAS:1361412562310815872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815872", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-Linux", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815872\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\",\n \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\",\n \"CVE-2019-13735\", \"CVE-2019-13764\", \"CVE-2019-13736\", \"CVE-2019-13737\",\n \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\",\n \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\",\n \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\",\n \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\",\n \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\",\n \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\",\n \"CVE-2019-13763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-12 12:30:31 +0530 (Thu, 12 Dec 2019)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-for-desktop-2019-12)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple use after free errors in Bluetooth, WebSockets, 
WebAudio.\n\n - A heap buffer overflow error in password manager.\n\n - An insufficient policy enforcement in WebSockets.\n\n - Multiple out of bounds write errors in V8, SQLite.\n\n - A type confusion error in V8.\n\n - An integer overflow error in PDFium.\n\n - An insufficient policy enforcement in autocomplete, navigation, cookies, audio, omnibox, developer tools, extensions, downloads and payments.\n\n - An incorrect security UI in Omnibox, sharing, external protocol handling, printing, interstitials.\n\n - An insufficient validation of untrusted input in Blink.\n\n - An uninitialized use in rendering.\n\n - An insufficient data validation in SQLite.\n\n - An uninitialized use in SQLite.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose sensitive information, execute arbitrary code, bypass security\n restrictions and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 79.0.3945.79 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 79.0.3945.79\n or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html\");\n script_xref(name:\"URL\", value:\"https://www.google.com/chrome\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\nchr_ver = infos['version'];\nchr_path = infos['location'];\n\nif(version_is_less(version:chr_ver, test_version:\"79.0.3945.79\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"79.0.3945.79\", install_path:chr_path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T18:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "The remote host is missing an update for 
the ", "modified": "2020-01-28T00:00:00", "published": "2020-01-27T00:00:00", "id": "OPENVAS:1361412562310877374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877374", "type": "openvas", "title": "Fedora: Security Advisory for chromium (FEDORA-2020-4355ea258e)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877374\");\n script_version(\"2020-01-28T10:45:23+0000\");\n script_cve_id(\"CVE-2020-6377\", \"CVE-2019-13767\", \"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13764\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", 
\"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 10:45:23 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:25:03 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for chromium (FEDORA-2020-4355ea258e)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-4355ea258e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the FEDORA-2020-4355ea258e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium is an open-source web browser, powered by WebKit (Blink).\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = 
isrpmvuln(pkg:\"chromium\", rpm:\"chromium~79.0.3945.117~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-21T14:50:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2020-6379", "CVE-2019-13748", "CVE-2019-13755", "CVE-2020-6380", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2020-6378", "CVE-2019-13747"], "description": "The remote host is missing an update for the ", "modified": "2020-01-21T00:00:00", "published": "2020-01-21T00:00:00", "id": "OPENVAS:1361412562310704606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704606", "type": "openvas", "title": "Debian Security Advisory DSA 4606-1 (chromium - security update)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704606\");\n script_version(\"2020-01-21T04:00:40+0000\");\n script_cve_id(\"CVE-2019-13725\", \"CVE-2019-13726\", \"CVE-2019-13727\", \"CVE-2019-13728\", \"CVE-2019-13729\", \"CVE-2019-13730\", \"CVE-2019-13732\", \"CVE-2019-13734\", \"CVE-2019-13735\", \"CVE-2019-13736\", \"CVE-2019-13737\", \"CVE-2019-13738\", \"CVE-2019-13739\", \"CVE-2019-13740\", \"CVE-2019-13741\", \"CVE-2019-13742\", \"CVE-2019-13743\", \"CVE-2019-13744\", \"CVE-2019-13745\", \"CVE-2019-13746\", \"CVE-2019-13747\", \"CVE-2019-13748\", \"CVE-2019-13749\", \"CVE-2019-13750\", \"CVE-2019-13751\", \"CVE-2019-13752\", \"CVE-2019-13753\", \"CVE-2019-13754\", \"CVE-2019-13755\", \"CVE-2019-13756\", \"CVE-2019-13757\", \"CVE-2019-13758\", \"CVE-2019-13759\", \"CVE-2019-13761\", \"CVE-2019-13762\", \"CVE-2019-13763\", \"CVE-2019-13764\", \"CVE-2019-13767\", \"CVE-2020-6377\", \"CVE-2020-6378\", \"CVE-2020-6379\", \"CVE-2020-6380\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-21 04:00:40 +0000 (Tue, 21 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-21 04:00:40 +0000 (Tue, 21 Jan 2020)\");\n script_name(\"Debian Security Advisory DSA 4606-1 (chromium - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4606.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4606-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the DSA-4606-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2019-13725\nGengming Liu and Jianyu Chen discovered a use-after-free issue in the\nbluetooth implementation.\n\nCVE-2019-13726\nSergei Glazunov discovered a buffer overflow issue.\n\nCVE-2019-13727\n@piochu discovered a policy enforcement error.\n\nCVE-2019-13728\nRong Jian and Guang Gong discovered an out-of-bounds write error in the\nv8 javascript library.\n\nCVE-2019-13729\nZhe Jin discovered a use-after-free issue.\n\nCVE-2019-13730\nSoyeon Park and Wen Xu discovered the use of a wrong type in the v8\njavascript library.\n\nCVE-2019-13732\nSergei Glazunov discovered a use-after-free issue in the WebAudio\nimplementation.\n\nCVE-2019-13734\nWenxiang Qian discovered an out-of-bounds write issue in the sqlite\nlibrary.\n\nCVE-2019-13735\nGengming Liu and Zhen Feng discovered an out-of-bounds write issue in the\nv8 javascript library.\n\nCVE-2019-13736\nAn integer overflow issue was discovered in the pdfium library.\n\nCVE-2019-13737\nMark Amery discovered a policy enforcement error.\n\nCVE-2019-13738\nJohnathan Norman and Daniel Clark discovered a policy enforcement error.\n\nCVE-2019-13739\nxisigr discovered a user interface error.\n\nCVE-2019-13740\nKhalil Zhani discovered a user interface error.\n\nCVE-2019-13741\nMicha? 
Bentkowski discovered that user input could be incompletely\nvalidated.\n\nCVE-2019-13742\nKhalil Zhani discovered a user interface error.\n\nCVE-2019-13743\nZhiyang Zeng discovered a user interface error.\n\nCVE-2019-13744\nPrakash discovered a policy enforcement error.\n\nCVE-2019-13745\nLuan Herrera discovered a policy enforcement error.\n\nCVE-2019-13746\nDavid Erceg discovered a policy enforcement error.\n\nCVE-2019-13747\nIvan Popelyshev and Andre Bonatti discovered an uninitialized value.\n\nCVE-2019-13748\nDavid Erceg discovered a policy enforcement error.\n\nCVE-2019-13749\nKhalil Zhani discovered a user interface error.\n\nCVE-2019-13750\nWenxiang Qian discovered insufficient validation of data in the sqlite\nlibrary.\n\nCVE-2019-13751\nWenxiang Qian discovered an uninitialized value in the sqlite library.\n\nCVE-2019-13752\nWenxiang Qian discovered an out-of-bounds read issue in the sqlite\nlibrary.\n\nCVE-2019-13753\nWenxiang Qian discovered an out-of-bounds read issue in the sqlite\nlibrary.\n\nCVE-2019-13754\nCody Crews discovered a policy enforcement error.\n\nCVE-2019-13755\nMasato Kinugawa discovered a policy enforcement error.\n\nCVE-2019-13756\nKhalil Zhani discovered a user interface error.\n\nCVE-2019-13757\nKhalil Zhani discovered a user interface error.\n\nCVE-2019-13758\nKhalil Zhani discovered a policy enforcement error.\n\nCVE-2019-13759\nWenxu Wu discovered a ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), security support for chromium has\nbeen discontinued.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 79.0.3945.130-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-common\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-sandbox\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"79.0.3945.130-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T16:57:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-20218", "CVE-2019-13753", "CVE-2020-9327", "CVE-2019-13750", "CVE-2019-13734", "CVE-2019-19926", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-19924", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-13751", "CVE-2019-13752"], "description": "The remote host is missing an update for the ", "modified": 
"2020-03-13T00:00:00", "published": "2020-03-11T00:00:00", "id": "OPENVAS:1361412562310844360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844360", "type": "openvas", "title": "Ubuntu: Security Advisory for sqlite3 (USN-4298-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844360\");\n script_version(\"2020-03-13T09:57:52+0000\");\n script_cve_id(\"CVE-2019-13734\", \"CVE-2019-13750\", \"CVE-2019-13753\", \"CVE-2019-13751\", \"CVE-2019-19880\", \"CVE-2019-19923\", \"CVE-2019-19924\", \"CVE-2019-19925\", \"CVE-2019-19959\", \"CVE-2019-19926\", \"CVE-2019-20218\", \"CVE-2020-9327\", \"CVE-2019-13752\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 09:57:52 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-11 04:00:17 +0000 (Wed, 11 Mar 2020)\");\n script_name(\"Ubuntu: Security Advisory for sqlite3 (USN-4298-1)\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4298-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-March/005354.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sqlite3'\n package(s) announced via the USN-4298-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that SQLite incorrectly handled certain shadow tables. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-13734,\nCVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt records.\nAn attacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree rewriting. 
An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP archives. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925,\nCVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during parsing. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. An\nattacker could use this issue to cause SQLite to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column\noptimizations. An attacker could use this issue to cause SQLite to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. 
(CVE-2020-9327)\");\n\n script_tag(name:\"affected\", value:\"'sqlite3' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsqlite3-0\", ver:\"3.29.0-2ubuntu0.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"sqlite3\", ver:\"3.29.0-2ubuntu0.2\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsqlite3-0\", ver:\"3.22.0-1ubuntu0.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"sqlite3\", ver:\"3.22.0-1ubuntu0.3\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libsqlite3-0\", ver:\"3.11.0-1ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"sqlite3\", ver:\"3.11.0-1ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-30T16:44:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13734"], "description": "The remote host is missing an update for the ", "modified": 
"2020-01-30T00:00:00", "published": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310883170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883170", "type": "openvas", "title": "CentOS: Security Advisory for lemon (CESA-2020:0227)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883170\");\n script_version(\"2020-01-30T08:15:08+0000\");\n script_cve_id(\"CVE-2019-13734\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-30 08:15:08 +0000 (Thu, 30 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-29 04:01:08 +0000 (Wed, 29 Jan 2020)\");\n script_name(\"CentOS: Security Advisory for lemon (CESA-2020:0227)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", 
\"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2020:0227\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-January/035616.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'lemon'\n package(s) announced via the CESA-2020:0227 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"SQLite is a C library that implements an SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a single\ndisk file. The API is designed for convenience and ease of use.\nApplications that link against SQLite can enjoy the power and flexibility\nof an SQL database without the administrative hassles of supporting a\nseparate database server.\n\nSecurity Fix(es):\n\n * sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'lemon' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"lemon\", rpm:\"lemon~3.7.17~8.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite\", rpm:\"sqlite~3.7.17~8.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-devel\", 
rpm:\"sqlite-devel~3.7.17~8.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-doc\", rpm:\"sqlite-doc~3.7.17~8.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-tcl\", rpm:\"sqlite-tcl~3.7.17~8.el7_7.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-17T16:54:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-20218", "CVE-2019-13734", "CVE-2019-19924", "CVE-2019-19956"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201434", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1434)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1434\");\n script_version(\"2020-04-16T05:52:52+0000\");\n script_cve_id(\"CVE-2019-13734\", \"CVE-2019-19924\", \"CVE-2019-20218\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:52:52 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:52:52 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1434)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1434\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1434\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'sqlite' package(s) announced via the EulerOS-SA-2020-1434 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2019-13734)\n\n\n\nselectExpander in select.c in SQLite 3.30.1 proceeds with WITH 
stack unwinding even after a parsing error.(CVE-2019-20218)\n\n\n\nSQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.(CVE-2019-19924)\n\n\n\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.(CVE-2019-19956)\");\n\n script_tag(name:\"affected\", value:\"'sqlite' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite\", rpm:\"sqlite~3.7.17~8.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"sqlite-devel\", rpm:\"sqlite-devel~3.7.17~8.h8\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-12-18T18:21:07", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", 
"CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "This update for chromium fixes the following issues:\n\n Chromium was updated to 79.0.3945.79 (boo#1158982)\n\n - CVE-2019-13725: Fixed a use after free in Bluetooth\n - CVE-2019-13726: Fixed a heap buffer overflow in password manager\n - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets\n - CVE-2019-13728: Fixed an out of bounds write in V8\n - CVE-2019-13729: Fixed a use after free in WebSockets\n - CVE-2019-13730: Fixed a type Confusion in V8\n - CVE-2019-13732: Fixed a use after free in WebAudio\n - CVE-2019-13734: Fixed an out of bounds write in SQLite\n - CVE-2019-13735: Fixed an out of bounds write in V8\n - CVE-2019-13764: Fixed a type Confusion in V8\n - CVE-2019-13736: Fixed an integer overflow in PDFium\n - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete\n - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation\n - CVE-2019-13739: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13740: Fixed an incorrect security UI in sharing\n - CVE-2019-13741: Fixed an insufficient validation of untrusted input in\n Blink\n - CVE-2019-13742: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13743: Fixed an incorrect security UI in external protocol\n handling\n - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies\n - CVE-2019-13745: Fixed an insufficient policy enforcement in audio\n - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox\n - CVE-2019-13747: Fixed an uninitialized Use in rendering\n - CVE-2019-13748: Fixed an insufficient policy enforcement in developer\n tools\n - CVE-2019-13749: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13750: Fixed an insufficient data validation in SQLite\n - CVE-2019-13751: Fixed an uninitialized Use in SQLite\n - CVE-2019-13752: Fixed an out of bounds read in SQLite\n - CVE-2019-13753: 
Fixed an out of bounds read in SQLite\n - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions\n - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions\n - CVE-2019-13756: Fixed an incorrect security UI in printing\n - CVE-2019-13757: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation\n - CVE-2019-13759: Fixed an incorrect security UI in interstitials\n - CVE-2019-13761: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads\n - CVE-2019-13763: Fixed an insufficient policy enforcement in payments\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n", "edition": 1, "modified": "2019-12-18T15:13:44", "published": "2019-12-18T15:13:44", "id": "OPENSUSE-SU-2019:2694-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-17T02:20:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "This update for chromium fixes the following issues:\n\n Chromium was updated to 79.0.3945.79 (boo#1158982)\n\n - CVE-2019-13725: Fixed a use after free 
in Bluetooth\n - CVE-2019-13726: Fixed a heap buffer overflow in password manager\n - CVE-2019-13727: Fixed an insufficient policy enforcement in WebSockets\n - CVE-2019-13728: Fixed an out of bounds write in V8\n - CVE-2019-13729: Fixed a use after free in WebSockets\n - CVE-2019-13730: Fixed a type Confusion in V8\n - CVE-2019-13732: Fixed a use after free in WebAudio\n - CVE-2019-13734: Fixed an out of bounds write in SQLite\n - CVE-2019-13735: Fixed an out of bounds write in V8\n - CVE-2019-13764: Fixed a type Confusion in V8\n - CVE-2019-13736: Fixed an integer overflow in PDFium\n - CVE-2019-13737: Fixed an insufficient policy enforcement in autocomplete\n - CVE-2019-13738: Fixed an insufficient policy enforcement in navigation\n - CVE-2019-13739: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13740: Fixed an incorrect security UI in sharing\n - CVE-2019-13741: Fixed an insufficient validation of untrusted input in\n Blink\n - CVE-2019-13742: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13743: Fixed an incorrect security UI in external protocol\n handling\n - CVE-2019-13744: Fixed an insufficient policy enforcement in cookies\n - CVE-2019-13745: Fixed an insufficient policy enforcement in audio\n - CVE-2019-13746: Fixed an insufficient policy enforcement in Omnibox\n - CVE-2019-13747: Fixed an uninitialized Use in rendering\n - CVE-2019-13748: Fixed an insufficient policy enforcement in developer\n tools\n - CVE-2019-13749: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13750: Fixed an insufficient data validation in SQLite\n - CVE-2019-13751: Fixed an uninitialized Use in SQLite\n - CVE-2019-13752: Fixed an out of bounds read in SQLite\n - CVE-2019-13753: Fixed an out of bounds read in SQLite\n - CVE-2019-13754: Fixed an insufficient policy enforcement in extensions\n - CVE-2019-13755: Fixed an insufficient policy enforcement in extensions\n - CVE-2019-13756: Fixed an incorrect security UI in printing\n - CVE-2019-13757: Fixed an 
incorrect security UI in Omnibox\n - CVE-2019-13758: Fixed an insufficient policy enforcement in navigation\n - CVE-2019-13759: Fixed an incorrect security UI in interstitials\n - CVE-2019-13761: Fixed an incorrect security UI in Omnibox\n - CVE-2019-13762: Fixed an insufficient policy enforcement in downloads\n - CVE-2019-13763: Fixed an insufficient policy enforcement in payments\n\n", "edition": 1, "modified": "2019-12-17T00:12:34", "published": "2019-12-17T00:12:34", "id": "OPENSUSE-SU-2019:2692-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00034.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2019-12-18T01:56:55", "published": "2019-12-18T01:56:55", "id": "FEDORA:58B4460D22EC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: chromium-79.0.3945.79-1.fc31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). 
", "modified": "2020-01-19T01:01:39", "published": "2020-01-19T01:01:39", "id": "FEDORA:9471A606D8C2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: chromium-79.0.3945.117-1.fc30", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-19T01:27:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 79.0.3945.79.\n\nSecurity Fix(es):\n\n* chromium-browser: Use after free in Bluetooth (CVE-2019-13725)\n\n* chromium-browser: Heap buffer overflow in password manager (CVE-2019-13726)\n\n* chromium-browser: Insufficient policy enforcement in WebSockets (CVE-2019-13727)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13728)\n\n* chromium-browser: Use after free in WebSockets (CVE-2019-13729)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13730)\n\n* chromium-browser: Use after free in WebAudio (CVE-2019-13732)\n\n* chromium-browser: Out of bounds write in SQLite (CVE-2019-13734)\n\n* chromium-browser: Out of bounds write in V8 (CVE-2019-13735)\n\n* chromium-browser: Type Confusion in V8 (CVE-2019-13764)\n\n* chromium-browser: Integer overflow in PDFium (CVE-2019-13736)\n\n* chromium-browser: Insufficient policy 
enforcement in autocomplete (CVE-2019-13737)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13738)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13739)\n\n* chromium-browser: Incorrect security UI in sharing (CVE-2019-13740)\n\n* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2019-13741)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13742)\n\n* chromium-browser: Incorrect security UI in external protocol handling (CVE-2019-13743)\n\n* chromium-browser: Insufficient policy enforcement in cookies (CVE-2019-13744)\n\n* chromium-browser: Insufficient policy enforcement in audio (CVE-2019-13745)\n\n* chromium-browser: Insufficient policy enforcement in Omnibox (CVE-2019-13746)\n\n* chromium-browser: Uninitialized Use in rendering (CVE-2019-13747)\n\n* chromium-browser: Insufficient policy enforcement in developer tools (CVE-2019-13748)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13749)\n\n* chromium-browser: Insufficient data validation in SQLite (CVE-2019-13750)\n\n* chromium-browser: Uninitialized Use in SQLite (CVE-2019-13751)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13752)\n\n* chromium-browser: Out of bounds read in SQLite (CVE-2019-13753)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13754)\n\n* chromium-browser: Insufficient policy enforcement in extensions (CVE-2019-13755)\n\n* chromium-browser: Incorrect security UI in printing (CVE-2019-13756)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13757)\n\n* chromium-browser: Insufficient policy enforcement in navigation (CVE-2019-13758)\n\n* chromium-browser: Incorrect security UI in interstitials (CVE-2019-13759)\n\n* chromium-browser: Incorrect security UI in Omnibox (CVE-2019-13761)\n\n* chromium-browser: Insufficient policy enforcement in downloads (CVE-2019-13762)\n\n* chromium-browser: Insufficient policy enforcement 
in payments (CVE-2019-13763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-12-16T14:01:58", "published": "2019-12-16T13:51:16", "id": "RHSA-2019:4238", "href": "https://access.redhat.com/errata/RHSA-2019:4238", "type": "redhat", "title": "(RHSA-2019:4238) Critical: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T09:31:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-01-27T13:34:13", "published": "2020-01-27T12:50:15", "id": "RHSA-2020:0227", "href": "https://access.redhat.com/errata/RHSA-2020:0227", "type": "redhat", "title": "(RHSA-2020:0227) Important: sqlite security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T11:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-01-29T14:49:19", "published": "2020-01-29T14:14:12", "id": "RHSA-2020:0273", "href": "https://access.redhat.com/errata/RHSA-2020:0273", "type": "redhat", "title": "(RHSA-2020:0273) Important: sqlite security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-05T23:12:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-05-05T12:21:59", "published": "2020-05-05T11:45:32", "id": "RHSA-2020:2014", "href": "https://access.redhat.com/errata/RHSA-2020:2014", "type": "redhat", "title": "(RHSA-2020:2014) Important: sqlite security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T09:31:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-01-27T13:52:11", "published": "2020-01-27T13:10:02", "id": "RHSA-2020:0229", "href": "https://access.redhat.com/errata/RHSA-2020:0229", "type": "redhat", "title": "(RHSA-2020:0229) Important: sqlite security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-30T19:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13752", "CVE-2019-13753", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-8457"], "description": "SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457)\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752)\n\n* sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753)\n\n* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)\n\n* sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924)\n\n* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)\n\n* sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames (CVE-2019-19959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "modified": "2020-04-28T14:50:33", "published": "2020-04-28T13:19:01", "id": "RHSA-2020:1810", "href": "https://access.redhat.com/errata/RHSA-2020:1810", "type": "redhat", "title": "(RHSA-2020:1810) Moderate: sqlite security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-12T11:43:44", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734", "CVE-2019-19335"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* openshift/installer: kubeconfig and 
kubeadmin-password are created with world-readable permissions (CVE-2019-19335)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-02-12T16:26:20", "published": "2020-02-12T16:25:26", "id": "RHSA-2020:0463", "href": "https://access.redhat.com/errata/RHSA-2020:0463", "type": "redhat", "title": "(RHSA-2020:0463) Low: OpenShift Container Platform 4.2.18 ose-installer-container security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-12T11:43:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734", "CVE-2019-19335"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* openshift/installer: kubeconfig and kubeadmin-password are created with world-readable permissions (CVE-2019-19335)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-02-12T16:27:12", "published": "2020-02-12T16:25:31", "id": "RHSA-2020:0476", "href": "https://access.redhat.com/errata/RHSA-2020:0476", "type": "redhat", "title": "(RHSA-2020:0476) Low: OpenShift Container Platform 4.2.18 ose-baremetal-installer-container and ose-cli-artifacts-container security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-19T21:32:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2183", "CVE-2019-13734"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block 
ciphers (SWEET32) (CVE-2016-2183)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.", "modified": "2020-02-20T01:05:24", "published": "2020-02-20T01:04:47", "id": "RHSA-2020:0451", "href": "https://access.redhat.com/errata/RHSA-2020:0451", "type": "redhat", "title": "(RHSA-2020:0451) Moderate: OpenShift Container Platform 3.11 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T12:03:36", "bulletinFamily": "info", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13722", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "### *Detect date*:\n12/10/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. 
Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nGoogle Chrome 79 earlier than 79.0.3945.79\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/intl/ru/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2019-13722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722>)0.0Unknown \n[CVE-2019-13725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725>)0.0Unknown \n[CVE-2019-13726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726>)0.0Unknown \n[CVE-2019-13727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727>)0.0Unknown \n[CVE-2019-13728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728>)0.0Unknown \n[CVE-2019-13729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729>)0.0Unknown \n[CVE-2019-13730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730>)0.0Unknown \n[CVE-2019-13732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732>)0.0Unknown \n[CVE-2019-13734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734>)0.0Unknown \n[CVE-2019-13735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735>)0.0Unknown \n[CVE-2019-13764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764>)0.0Unknown \n[CVE-2019-13736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736>)0.0Unknown \n[CVE-2019-13737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737>)0.0Unknown \n[CVE-2019-13738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738>)0.0Unknown 
\n[CVE-2019-13739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739>)0.0Unknown \n[CVE-2019-13740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740>)0.0Unknown \n[CVE-2019-13741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741>)0.0Unknown \n[CVE-2019-13742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742>)0.0Unknown \n[CVE-2019-13743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743>)0.0Unknown \n[CVE-2019-13744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744>)0.0Unknown \n[CVE-2019-13745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745>)0.0Unknown \n[CVE-2019-13746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746>)0.0Unknown \n[CVE-2019-13747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747>)0.0Unknown \n[CVE-2019-13748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748>)0.0Unknown \n[CVE-2019-13749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749>)0.0Unknown \n[CVE-2019-13750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750>)0.0Unknown \n[CVE-2019-13751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>)0.0Unknown \n[CVE-2019-13752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752>)0.0Unknown \n[CVE-2019-13753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753>)0.0Unknown \n[CVE-2019-13754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754>)0.0Unknown \n[CVE-2019-13755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755>)0.0Unknown \n[CVE-2019-13756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756>)0.0Unknown \n[CVE-2019-13757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757>)0.0Unknown \n[CVE-2019-13758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758>)0.0Unknown \n[CVE-2019-13759](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759>)0.0Unknown 
\n[CVE-2019-13761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761>)0.0Unknown \n[CVE-2019-13762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762>)0.0Unknown \n[CVE-2019-13763](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763>)0.0Unknown", "edition": 1, "modified": "2020-06-04T00:00:00", "published": "2019-12-10T00:00:00", "id": "KLA11621", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11621", "title": "\r KLA11621Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-02T11:56:25", "bulletinFamily": "info", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2019-13748", "CVE-2019-13755", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13722", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2019-13747"], "description": "### *Detect date*:\n12/27/2019\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. 
Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, obtain sensitive information, spoof user interface.\n\n### *Affected products*:\nOpera earlier than 66.0.3515.21\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 66](<https://blogs.opera.com/desktop/changelog-for-66/#b3515.21>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2019-13722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722>)0.0Unknown \n[CVE-2019-13725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725>)0.0Unknown \n[CVE-2019-13726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726>)0.0Unknown \n[CVE-2019-13727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727>)0.0Unknown \n[CVE-2019-13728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728>)0.0Unknown \n[CVE-2019-13729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729>)0.0Unknown \n[CVE-2019-13730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730>)0.0Unknown \n[CVE-2019-13732](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732>)0.0Unknown \n[CVE-2019-13734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734>)0.0Unknown \n[CVE-2019-13735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735>)0.0Unknown \n[CVE-2019-13764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764>)0.0Unknown \n[CVE-2019-13736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736>)0.0Unknown \n[CVE-2019-13737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737>)0.0Unknown 
\n[CVE-2019-13738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738>)0.0Unknown \n[CVE-2019-13739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739>)0.0Unknown \n[CVE-2019-13740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740>)0.0Unknown \n[CVE-2019-13741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741>)0.0Unknown \n[CVE-2019-13742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742>)0.0Unknown \n[CVE-2019-13743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743>)0.0Unknown \n[CVE-2019-13744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744>)0.0Unknown \n[CVE-2019-13745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745>)0.0Unknown \n[CVE-2019-13746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746>)0.0Unknown \n[CVE-2019-13747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747>)0.0Unknown \n[CVE-2019-13748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748>)0.0Unknown \n[CVE-2019-13749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749>)0.0Unknown \n[CVE-2019-13750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750>)0.0Unknown \n[CVE-2019-13751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>)0.0Unknown \n[CVE-2019-13752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752>)0.0Unknown \n[CVE-2019-13753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753>)0.0Unknown \n[CVE-2019-13754](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754>)0.0Unknown \n[CVE-2019-13755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755>)0.0Unknown \n[CVE-2019-13756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756>)0.0Unknown \n[CVE-2019-13757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757>)0.0Unknown \n[CVE-2019-13758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758>)0.0Unknown 
\n[CVE-2019-13759](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759>)0.0Unknown \n[CVE-2019-13761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761>)0.0Unknown \n[CVE-2019-13762](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762>)0.0Unknown \n[CVE-2019-13763](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763>)0.0Unknown", "edition": 1, "modified": "2020-06-04T00:00:00", "published": "2019-12-27T00:00:00", "id": "KLA11718", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11718", "title": "\r KLA11718Multiple vulnerabilities in Opera ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-01-11T01:30:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2019-13758", "CVE-2019-13730", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2019-13753", "CVE-2019-13740", "CVE-2019-13728", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13738", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2020-6379", "CVE-2019-13748", "CVE-2019-13755", "CVE-2020-6380", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2019-13744", "CVE-2019-13757", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2020-6378", "CVE-2019-13747"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4606-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJanuary 20, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728\n CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 
CVE-2019-13734\n CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738\n CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742\n CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746\n CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750\n CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754\n CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758\n CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763\n CVE-2019-13764 CVE-2019-13767 CVE-2020-6377 CVE-2020-6378\n CVE-2020-6379 CVE-2020-6380\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2019-13725\n\n Gengming Liu and Jianyu Chen discovered a use-after-free issue in the\n bluetooth implementation.\n\nCVE-2019-13726\n\n Sergei Lazunov discovered a buffer overflow issue.\n\nCVE-2019-13727\n\n @piochu discovered a policy enforcement error.\n\nCVE-2019-13728\n\n Rong Jian and Guang Gong discovered an out-of-bounds write error in the\n v8 javascript library.\n\nCVE-2019-13729\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2019-13730\n\n Soyeon Park and Wen Xu discovered the use of a wrong type in the v8\n javascript library.\n\nCVE-2019-13732\n\n Sergei Glazunov discovered a use-after-free issue in the WebAudio\n implementation.\n\nCVE-2019-13734\n\n Wenxiang Qian discovered an out-of-bounds write issue in the sqlite\n library.\n\nCVE-2019-13735\n\n Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the\n v8 javascript library.\n\nCVE-2019-13736\n\n An integer overflow issue was discovered in the pdfium library.\n\nCVE-2019-13737\n\n Mark Amery discovered a policy enforcement error.\n\nCVE-2019-13738\n\n Johnathan Norman and Daniel Clark discovered a policy enforcement error.\n\nCVE-2019-13739\n\n xisigr discovered a user interface error.\n\nCVE-2019-13740\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13741\n\n Micha\u0142 Bentkowski discovered that user input could be incompletely\n 
validated.\n\nCVE-2019-13742\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13743\n\n Zhiyang Zeng discovered a user interface error.\n\nCVE-2019-13744\n\n Prakash discovered a policy enforcement error.\n\nCVE-2019-13745\n\n Luan Herrera discovered a policy enforcement error.\n\nCVE-2019-13746\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2019-13747\n\n Ivan Popelyshev and Andr\u00e9 Bonatti discovered an uninitialized value.\n\nCVE-2019-13748\n\n David Erceg discovered a policy enforcement error.\n\nCVE-2019-13749\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13750\n\n Wenxiang Qian discovered insufficient validation of data in the sqlite\n library.\n\nCVE-2019-13751\n\n Wenxiang Qian discovered an uninitialized value in the sqlite library.\n\nCVE-2019-13752\n\n Wenxiang Qian discovered an out-of-bounds read issue in the sqlite\n library.\n\nCVE-2019-13753\n\n Wenxiang Qian discovered an out-of-bounds read issue in the sqlite\n library.\n\nCVE-2019-13754\n\n Cody Crews discovered a policy enforcement error.\n\nCVE-2019-13755\n\n Masato Kinugawa discovered a policy enforcement error.\n\nCVE-2019-13756\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13757\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13758\n\n Khalil Zhani discovered a policy enforcement error.\n\nCVE-2019-13759\n\n Wenxu Wu discovered a user interface error.\n\nCVE-2019-13761\n\n Khalil Zhani discovered a user interface error.\n\nCVE-2019-13762\n\n csanuragjain discovered a policy enforcement error.\n\nCVE-2019-13763\n\n weiwangpp93 discovered a policy enforcement error.\n\nCVE-2019-13764\n\n Soyeon Park and Wen Xu discovered the use of a wrong type in the v8\n javascript library.\n\nCVE-2019-13767\n\n Sergei Glazunov discovered a use-after-free issue.\n\nCVE-2020-6377\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2020-6378\n\n Antti Levom\u00e4ki and Christian Jalio discovered a use-after-free 
issue.\n\nCVE-2020-6379\n\n Guang Gong discovered a use-after-free issue.\n\nCVE-2020-6380\n\n Sergei Glazunov discovered an error verifying extension messages.\n\nFor the oldstable distribution (stretch), security support for chromium has\nbeen discontinued.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 79.0.3945.130-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2020-01-20T11:52:55", "published": "2020-01-20T11:52:55", "id": "DEBIAN:DSA-4606-1:D7F34", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00009.html", "title": "[SECURITY] [DSA 4606-1] chromium security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-02-02T07:12:50", "description": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13739", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13739"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13739", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.", "edition": 20, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13755", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13755"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13755", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13740", "type": "cve", "cwe": ["CWE-346"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13740"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13740", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a 
crafted HTML page.", "edition": 18, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13744", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13744"], "modified": "2019-12-16T12:15:00", "cpe": [], "id": "CVE-2019-13744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13744", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": 
"2019-12-10T22:15:00", "title": "CVE-2019-13736", "type": "cve", "cwe": ["CWE-190", "CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13736"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13736", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13736", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13746", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, 
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13746"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13746", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "edition": 20, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13759", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13759"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13759", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13759", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": 
"2021-02-02T07:12:50", "description": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 18, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13730", "type": "cve", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13730"], "modified": "2019-12-16T12:15:00", "cpe": [], "id": "CVE-2019-13730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13730", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 18, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 
8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13728", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13728"], "modified": "2019-12-16T12:15:00", "cpe": [], "id": "CVE-2019-13728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13728", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:50", "description": "Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-10T22:15:00", "title": "CVE-2019-13741", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13741"], "modified": "2020-08-24T17:37:00", "cpe": [], "id": "CVE-2019-13741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13741", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "ubuntu": [{"lastseen": "2020-08-03T23:52:07", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13753", "CVE-2019-13750", "CVE-2019-13734", "CVE-2019-19926", "CVE-2019-13751", "CVE-2019-13752"], "description": "USN-4298-1 fixed several vulnerabilities in SQLite. This update provides \nthe corresponding update for Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that SQLite incorrectly handled certain shadow tables. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-13734, \nCVE-2019-13750, CVE-2019-13752, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt records. \nAn attacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled errors during parsing. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. 
(CVE-2019-19926)", "edition": 1, "modified": "2020-08-03T00:00:00", "published": "2020-08-03T00:00:00", "id": "USN-4298-2", "href": "https://ubuntu.com/security/notices/USN-4298-2", "title": "SQLite vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2019-20218", "CVE-2019-13753", "CVE-2020-9327", "CVE-2019-13750", "CVE-2019-13734", "CVE-2019-19926", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-19924", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-13751", "CVE-2019-13752"], "description": "It was discovered that SQLite incorrectly handled certain shadow tables. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-13734, \nCVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt records. \nAn attacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree rewriting. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP archives. 
An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, \nCVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during parsing. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. An \nattacker could use this issue to cause SQLite to crash, resulting in a \ndenial of service, or possibly execute arbitrary code. (CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column \noptimizations. An attacker could use this issue to cause SQLite to crash, \nresulting in a denial of service, or possibly execute arbitrary code. This \nissue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-9327)", "edition": 2, "modified": "2020-03-10T00:00:00", "published": "2020-03-10T00:00:00", "id": "USN-4298-1", "href": "https://ubuntu.com/security/notices/USN-4298-1", "title": "SQLite vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2020-03-13T06:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6395", "CVE-2019-13764", "CVE-2019-13763", "CVE-2019-13759", "CVE-2020-6381", "CVE-2019-13758", "CVE-2019-13730", "CVE-2020-6394", "CVE-2020-6397", "CVE-2019-13736", "CVE-2019-13745", "CVE-2020-6377", "CVE-2019-13746", "CVE-2020-6399", "CVE-2020-6392", "CVE-2020-6387", "CVE-2019-13753", "CVE-2020-6412", "CVE-2020-6389", "CVE-2019-13740", "CVE-2020-6390", "CVE-2020-6407", "CVE-2019-13728", "CVE-2019-13741", "CVE-2020-6416", "CVE-2020-6410", "CVE-2019-13742", "CVE-2020-6396", "CVE-2019-13749", "CVE-2019-13750", "CVE-2020-6385", "CVE-2019-13738", "CVE-2019-13734", "CVE-2020-6401", "CVE-2020-6414", 
"CVE-2019-13735", "CVE-2020-6391", "CVE-2020-6420", "CVE-2019-13724", "CVE-2020-6411", "CVE-2020-6400", "CVE-2020-6398", "CVE-2020-6388", "CVE-2020-6413", "CVE-2019-13756", "CVE-2019-13754", "CVE-2019-13723", "CVE-2019-13761", "CVE-2019-13727", "CVE-2019-13762", "CVE-2019-13726", "CVE-2020-6415", "CVE-2020-6379", "CVE-2019-13748", "CVE-2019-13755", "CVE-2020-6380", "CVE-2019-13767", "CVE-2019-13729", "CVE-2019-13732", "CVE-2020-6404", "CVE-2019-13744", "CVE-2019-13757", "CVE-2020-6382", "CVE-2020-6403", "CVE-2020-6406", "CVE-2019-13743", "CVE-2019-13751", "CVE-2019-13739", "CVE-2020-6402", "CVE-2020-6418", "CVE-2019-13725", "CVE-2019-13752", "CVE-2019-13737", "CVE-2020-6378", "CVE-2020-6393", "CVE-2019-13747"], "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-80.0.3987.132\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-80.0.3987.132\"", "edition": 1, "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "GLSA-202003-08", "href": "https://security.gentoo.org/glsa/202003-08", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2020-10-15T22:26:59", "bulletinFamily": "info", "cvelist": ["CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2019-13734", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2020-5135"], "description": "Researchers have disclosed five recently-patched vulnerabilities in the Google Chrome browser that could be exploited by an attacker to remotely execute code.\n\nThe vulnerabilities, dubbed Magellan 2.0 by the Tencent Blade team of researchers who discovered them, exist in the SQLite database management system. SQLite is a lightweight, self-contained database engine utilized widely in browsers, operating systems and mobile phones.\n\nResearchers said that they were able to successfully exploit the Chrome browser leveraging the five vulnerabilities: [CVE-2019-13734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734>), [CVE-2019-13750](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750>),[ CVE-2019-13751](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>), [CVE-2019-13752](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752>),[ CVE-2019-13753](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753>). 
According to their [CVE](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>) [Mitre descriptions](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751>), the vulnerabilities could be exploited remotely via a crafted HTML page to launch an array of malicious attacks \u2013 allowing attackers to do anything from \u201cbypass defense-in-depth measures\u201d to \u201cobtain potentially sensitive information from process memory.\u201d\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cMagellan means a group of vulnerabilities we have reported recently,\u201d said Tencent researchers in an [advisory this week](<https://blade.tencent.com/magellan2/index_en.html>). \u201cIf you are using a software that is using SQLite as component (without the latest patch), and it supports external SQL queries\u2026 Or, you are using Chrome that is prior to 79.0.3945.79 and it enabled WebSQL, you may be affected.\u201d\n\nDue to \u201cresponsible vulnerability disclosure process,\u201d researchers said they are not disclosing further details of the vulnerability \u201c90 days after the vulnerability report.\u201d\n\nThe flaw was reported to Google and SQLite on Nov. 16, 2019; on Dec. 11, 2019, Google released the official fixed Chrome version: 79.0.3945.79. Chrome/Chromium browsers prior to version 79.0.3945.79 with WebSQL enabled may be affected, researchers said.\n\n\u201cWe have reported all the details of the vulnerability to Google and they have fixed vulnerabilities,\u201d said researchers. \u201cIf your product uses Chromium, please update to the official stable version 79.0.3945.79. If your product uses SQLite, please update to the newest code commit.\u201d\n\n> No need to worry: SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too. We haven't found any proof of wild abuse of Magellan 2.0 and will not disclose any details now. Feel free to contact us if you had any technical questions! 
<https://t.co/3hUro9URWf>\n> \n> \u2014 Tencent Blade Team (@tencent_blade) [December 24, 2019](<https://twitter.com/tencent_blade/status/1209291425369579521?ref_src=twsrc%5Etfw>)\n\nResearchers said that they have not yet seen Magellan 2.0 exploited in the wild.\n\nMagellan 2.0 builds on previously-disclosed [Magellan](<https://threatpost.com/def-con-2019-hacking-google-home/147170/>) flaws, a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506). These flaws, [discovered in 2018](<https://blade.tencent.com/magellan/index_en.html>), impact a large number of browsers, IoT devices and smartphones that use the open source Chromium engine.\n", "modified": "2019-12-27T16:45:20", "published": "2019-12-27T16:45:20", "id": "THREATPOST:B5964CC2880F7E4AFF1E9C5DEEE5B287", "href": "https://threatpost.com/google-chrome-affected-by-magellan-2-0-flaws/151446/", "type": "threatpost", "title": "Google Chrome Affected By Magellan 2.0 Flaws", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2020-04-01T02:52:39", "bulletinFamily": "software", "cvelist": ["CVE-2019-20218", "CVE-2019-13753", "CVE-2020-9327", "CVE-2019-13750", "CVE-2019-13734", "CVE-2019-19926", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-19924", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-13751", "CVE-2019-13752"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753)\n\nIt was discovered that SQLite incorrectly handled certain corrupt records. 
An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751)\n\nIt was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19880)\n\nIt was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19923)\n\nIt was discovered that SQLite incorrectly handled parser tree rewriting. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2019-19924)\n\nIt was discovered that SQLite incorrectly handled certain ZIP archives. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-19925, CVE-2019-19959)\n\nIt was discovered that SQLite incorrectly handled errors during parsing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-19926)\n\nIt was discovered that SQLite incorrectly handled parsing errors. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20218)\n\nIt was discovered that SQLite incorrectly handled generated column optimizations. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. 
(CVE-2020-9327)\n\nCVEs contained in this USN include: CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, CVE-2019-19880, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19926, CVE-2019-19959, CVE-2019-20218, CVE-2020-9327.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.169.0\n * Xenial Stemcells \n * 97.x versions prior to 97.239\n * 170.x versions prior to 170.210\n * 250.x versions prior to 250.189\n * 315.x versions prior to 315.174\n * 456.x versions prior to 456.103\n * 621.x versions prior to 621.61\n * All other stemcells not listed.\n * CF Deployment \n * All versions prior to v12.37.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.169.0 or greater\n * Xenial Stemcells \n * Upgrade 97.x versions to 97.239 or greater\n * Upgrade 170.x versions to 170.210 or greater\n * Upgrade 250.x versions to 250.189 or greater\n * Upgrade 315.x versions to 315.174 or greater\n * Upgrade 456.x versions to 456.103 or greater\n * Upgrade 621.x versions to 621.61 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to v12.37.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4298-1/>)\n * [CVE-2019-13734](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13734>)\n * [CVE-2019-13750](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13750>)\n * [CVE-2019-13751](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13751>)\n * [CVE-2019-13752](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13752>)\n * [CVE-2019-13753](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13753>)\n * 
[CVE-2019-19880](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19880>)\n * [CVE-2019-19923](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19923>)\n * [CVE-2019-19924](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19924>)\n * [CVE-2019-19925](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19925>)\n * [CVE-2019-19926](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19926>)\n * [CVE-2019-19959](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19959>)\n * [CVE-2019-20218](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20218>)\n * [CVE-2020-9327](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9327>)\n\n## History\n\n2020-03-10: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-03-31T00:00:00", "published": "2020-03-31T00:00:00", "id": "CFOUNDRY:AA356DA8CD5E3C69DBEE45AEF6C8C74F", "href": "https://www.cloudfoundry.org/blog/usn-4298-1/", "title": "USN-4298-1: SQLite vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-06-04T23:32:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13753", "CVE-2019-13734", "CVE-2019-19925", "CVE-2019-19959", "CVE-2019-19924", "CVE-2019-8457", "CVE-2019-19923", "CVE-2019-13752"], "description": "[3.26.0-6]\n- Fixed issues found by covscan\n[3.26.0-5]\n- Fixed CVE-2019-13752 (#1786529)\n- Fixed CVE-2019-13753 (#1786535)\n- Fixed CVE-2019-13734 (#1786509)\n- Fixed CVE-2019-19924 (#1789776)\n- Fixed CVE-2019-19923 (#1789812)\n- Fixed CVE-2019-19925 (#1789808)\n- Fixed CVE-2019-19959 (#1789823)", "edition": 1, "modified": "2020-05-05T00:00:00", "published": "2020-05-05T00:00:00", "id": "ELSA-2020-1810", "href": "http://linux.oracle.com/errata/ELSA-2020-1810.html", "title": "sqlite security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2020-01-30T04:31:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "[3.26.0-4]\n- Fixed CVE-2019-13734 (#1786508)", "edition": 1, "modified": "2020-01-29T00:00:00", "published": "2020-01-29T00:00:00", "id": "ELSA-2020-0273", "href": "http://linux.oracle.com/errata/ELSA-2020-0273.html", "title": "sqlite security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-28T04:30:23", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "[3.7.17-8.1]\n- Fixes for CVE-2019-13734 (#1786505)", "edition": 2, "modified": "2020-01-27T00:00:00", "published": "2020-01-27T00:00:00", "id": "ELSA-2020-0227", "href": "http://linux.oracle.com/errata/ELSA-2020-0227.html", "title": "sqlite security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "googleprojectzero": [{"lastseen": "2021-01-13T07:24:00", "bulletinFamily": "info", "cvelist": ["CVE-2019-13764"], "description": "This is part 2 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the [introduction post](<https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html>).\n\nPosted by Sergei Glazunov, Project Zero\n\nThis post only covers one of the exploits, specifically a renderer exploit targeting Chrome 73-78 on Android. We use it as an opportunity to talk about an interesting vulnerability class in Chrome\u2019s JavaScript engine.\n\n### Brief introduction to typer bugs\n\nOne of the features that make JavaScript code especially difficult to optimize is the dynamic type system. Even for a trivial expression like a + b the engine has to support a multitude of cases depending on whether the parameters are numbers, strings, booleans, objects, etc. 
JIT compilation wouldn\u2019t make much sense if the compiler always had to emit machine code that could handle every possible type combination for every JS operation. Chrome\u2019s JavaScript engine, V8, tries to overcome this limitation through type speculation. During the first several invocations of a JavaScript function, the interpreter records the type information for various operations such as parameter accesses and property loads. If the function is later selected to be JIT compiled, TurboFan, which is V8\u2019s newest compiler, makes an assumption that the observed types will be used in all subsequent calls, and propagates the type information throughout the whole function graph using the set of rules derived from the language specification. For example: if at least one of the operands to the addition operator is a string, the output is guaranteed to be a string as well; Math.random() always returns a number; and so on. The compiler also puts runtime checks for the speculated types that trigger deoptimization (i.e., revert to execution in the interpreter and update the type feedback) in case one of the assumptions no longer holds.\n\nFor integers, V8 goes even further and tracks the possible range of nodes. The main reason behind that is that even though the ECMAScript specification defines Number as the 64-bit floating point type, internally, TurboFan always tries to use the most efficient representation possible in a given context, which could be a 64-bit integer, 31-bit tagged integer, etc. Range information is also employed in other optimizations. For example, the compiler is smart enough to figure out that in the following code snippet, the branch can never be taken and therefore eliminate the whole if statement:\n\na = Math.min(a, 1);\n\nif (a > 2) {\n\nreturn 3;\n\n} \n \n--- \n \nNow, imagine there\u2019s an issue that makes TurboFan believe that the function vuln() returns a value in the range [0; 2] whereas its actual range is [0; 4]. 
Consider the code below:\n\na = vuln(a);\n\nlet array = [1, 2, 3];\n\nreturn array[a]; \n \n--- \n \nIf the engine has never encountered an out-of-bounds access attempt while running the code in the interpreter, it will instruct the compiler to transform the last line into a sequence that at a certain optimization phase, can be expressed by the following pseudocode:\n\nif (a >= array.length) {\n\ndeoptimize();\n\n}\n\nlet elements = array.[[elements]];\n\nreturn elements.get(a); \n \n--- \n \nget() acts as a C-style element access operation and performs no bounds checks. In subsequent optimization phases the compiler will discover that, according to the available type information, the length check is redundant and eliminate it completely. Consequently, the generated code will be able to access out-of-bounds data.\n\nThe bug class outlined above is the main subject of this blog post; and bounds check elimination is the most popular exploitation technique for this class. A textbook example of such a vulnerability is [the off-by-one issue in the typer rule for String.indexOf](<https://bugs.chromium.org/p/chromium/issues/detail?id=762874>) found by Stephen R\u00f6ttger.\n\nA typer vulnerability doesn\u2019t have to immediately result in an integer range miscalculation that would lead to OOB access because it\u2019s possible to make the compiler propagate the error. 
For example, if vuln() returns an unexpected boolean value, we can easily transform it into an unexpected integer:\n\na = vuln(a); // predicted = false; actual = true\n\na = a * 10; // predicted = 0; actual = 10\n\nlet array = [1, 2, 3];\n\nreturn array[a]; \n \n--- \n \nAnother [notable bug report](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1710>) by Stephen demonstrates that even a subtle mistake such as omitting negative zero can be exploited in the same fashion.\n\nAt a certain point, this vulnerability class became extremely popular as it immediately provided an attacker with an enormously powerful and reliable exploitation primitive. Fellow Project Zero member Mark Brand has used it in his [full-chain Chrome exploit](<https://googleprojectzero.blogspot.com/2019/04/virtually-unlimited-memory-escaping.html>). The bug class has made an appearance at several [CTFs](<https://www.jaybosamiya.com/blog/2019/01/02/krautflare/>) and [exploit competitions](<https://bugs.chromium.org/p/chromium/issues/detail?id=906043>). As a result, last year the V8 team issued [a hardening patch](<https://bugs.chromium.org/p/v8/issues/detail?id=8806>) designed to prevent attackers from abusing bounds check elimination. Instead of removing the checks, the compiler started marking them as \u201caborting\u201d, so in the worst case the attacker can only trigger a SIGTRAP.\n\n### Induction variable analysis\n\nThe renderer exploit we\u2019ve discovered takes advantage of an issue in a function designed to compute the type of [induction variables](<https://en.wikipedia.org/wiki/Induction_variable>). 
The slightly abridged source code below is taken from the [latest affected revision](<https://chromium.googlesource.com/v8/v8.git/+/0da7ca8781c6c7ec852bef845b72ca7f212cdc23/src/compiler/typer.cc>) of V8:\n\nType Typer::Visitor::TypeInductionVariablePhi(Node* node) {\n\n[...]\n\n// We only handle integer induction variables (otherwise ranges\n\n// do not apply and we cannot do anything).\n\nif (!initial_type.Is(typer_->cache_->kInteger) ||\n\n!increment_type.Is(typer_->cache_->kInteger)) {\n\n// Fallback to normal phi typing, but ensure monotonicity.\n\n// (Unfortunately, without baking in the previous type,\n\n// monotonicity might be violated because we might not yet have\n\n// retyped the incrementing operation even though the increment's\n\n// type might been already reflected in the induction variable\n\n// phi.)\n\nType type = NodeProperties::IsTyped(node)\n\n? NodeProperties::GetType(node)\n\n: Type::None();\n\nfor (int i = 0; i < arity; ++i) {\n\ntype = Type::Union(type, Operand(node, i), zone());\n\n}\n\nreturn type;\n\n}\n\n// If we do not have enough type information for the initial value\n\n// or the increment, just return the initial value's type.\n\nif (initial_type.IsNone() ||\n\nincrement_type.Is(typer_->cache_->kSingletonZero)) {\n\nreturn initial_type;\n\n}\n\n[...]\n\nInductionVariable::ArithmeticType arithmetic_type =\n\ninduction_var->Type();\n\ndouble min = -V8_INFINITY;\n\ndouble max = V8_INFINITY;\n\ndouble increment_min;\n\ndouble increment_max;\n\nif (arithmetic_type ==\n\nInductionVariable::ArithmeticType::kAddition) {\n\nincrement_min = increment_type.Min();\n\nincrement_max = increment_type.Max();\n\n} else {\n\nDCHECK_EQ(InductionVariable::ArithmeticType::kSubtraction,\n\narithmetic_type);\n\nincrement_min = -increment_type.Max();\n\nincrement_max = -increment_type.Min();\n\n}\n\nif (increment_min >= 0) {\n\n// increasing sequence\n\nmin = initial_type.Min();\n\nfor (auto bound : induction_var->upper_bounds()) {\n\nType bound_type = 
TypeOrNone(bound.bound);\n\n// If the type is not an integer, just skip the bound.\n\nif (!bound_type.Is(typer_->cache_->kInteger)) continue;\n\n// If the type is not inhabited, then we can take the initial\n\n// value.\n\nif (bound_type.IsNone()) {\n\nmax = initial_type.Max();\n\nbreak;\n\n}\n\ndouble bound_max = bound_type.Max();\n\nif (bound.kind == InductionVariable::kStrict) {\n\nbound_max -= 1;\n\n}\n\nmax = std::min(max, bound_max + increment_max);\n\n}\n\n// The upper bound must be at least the initial value's upper\n\n// bound.\n\nmax = std::max(max, initial_type.Max());\n\n} else if (increment_max <= 0) {\n\n// decreasing sequence\n\n[...]\n\n} else {\n\n// Shortcut: If the increment can be both positive and negative,\n\n// the variable can go arbitrarily far, so just return integer.\n\nreturn typer_->cache_->kInteger;\n\n}\n\n[...]\n\nreturn Type::Range(min, max, typer_->zone());\n\n} \n \n--- \n \nNow, imagine the compiler processing the following JavaScript code:\n\nfor (var i = initial; i < bound; i += increment) { [...] } \n \n--- \n \nIn short, when the loop has been identified as increasing, the lower bound of initial becomes the lower bound of i, and the upper bound is calculated as the sum of the upper bounds of bound and increment. There\u2019s a similar branch for decreasing loops, and a special case for variables that can be both increasing and decreasing. The loop variable is named phi in the method because TurboFan operates on an intermediate representation in the [static single assignment](<https://en.wikipedia.org/wiki/Static_single_assignment_form>) form.\n\nNote that the algorithm only works with integers, otherwise a more conservative estimation method is applied. However, in this context an integer refers to a rather special type, which isn\u2019t bound to any machine integer type and can be represented as a floating point value in memory. 
The type holds two unusual properties that have made the vulnerability possible:\n\n * +Infinity and -Infinity belong to it, whereas NaN and -0 don\u2019t.\n * The type is not closed under addition, i.e., adding two integers doesn\u2019t always result in an integer. Namely, +Infinity + -Infinity yields NaN.\n\nThus, for the following loop the algorithm infers (-Infinity; +Infinity) as the induction variable type, while the actual value after the first iteration of the loop will be NaN:\n\nfor (var i = -Infinity; i < 0; i += Infinity) { } \n \n--- \n \nThis one line is enough to trigger the issue. The exploit author has had to make only two minor changes: (1) parametrize increment in order to make the value of i match the future inferred type during initial invocations in the interpreter and (2) introduce an extra variable to ensure the loop eventually ends. As a result, after deobfuscation, the relevant part of the trigger function looks as follows:\n\nfunction trigger(argument) {\n\nvar j = 0;\n\nvar increment = 100;\n\nif (argument > 2) {\n\nincrement = Infinity;\n\n}\n\nfor (var i = -Infinity; i <= -Infinity; i += increment) {\n\nj++;\n\nif (j == 20) {\n\nbreak;\n\n}\n\n}\n\n[...] \n \n--- \n \nThe resulting type mismatch, however, doesn\u2019t immediately let the attacker run arbitrary code. Given that the previously widely used bounds check elimination technique is no longer applicable, we were particularly interested to learn how the attacker approached exploiting the issue. \n\n### Exploitation\n\nThe trigger function continues with a series of operations aimed at transforming the type mismatch into an integer range miscalculation, similarly to what would follow in the previous technique, but with the additional requirement that the computed range must be narrowed down to a single number. Since the discovered exploit targets mobile devices, the exact instruction sequence used in the exploit only works for ARM processors. 
For the ease of the reader, we've modified it to be compatible with x64 as well.\n\n[...]\n\n// The comments display the current value of the variable i, the type\n\n// inferred by the compiler, and the machine type used to store\n\n// the value at each step.\n\n// Initially:\n\n// actual = NaN, inferred = (-Infinity, +Infinity)\n\n// representation = double\n\ni = Math.max(i, 0x100000800);\n\n// After step one:\n\n// actual = NaN, inferred = [0x100000800; +Infinity)\n\n// representation = double\n\ni = Math.min(0x100000801, i);\n\n// After step two:\n\n// actual = -0x8000000000000000, inferred = [0x100000800, 0x100000801]\n\n// representation = int64_t\n\ni -= 0x1000007fa;\n\n// After step three:\n\n// actual = -2042, inferred = [6, 7]\n\n// representation = int32_t\n\ni >>= 1;\n\n// After step four:\n\n// actual = -1021, inferred = 3\n\n// representation = int32_t\n\ni += 10;\n\n// After step five:\n\n// actual = -1011, inferred = 13\n\n// representation = int32_t\n\n[...] \n \n--- \n \nThe first notable transformation occurs in step two. TurboFan decides that the most appropriate representation for i at this point is a 64-bit integer as the inferred range is entirely within int64_t, and emits the CVTTSD2SI instruction to convert the double argument. Since NaN doesn\u2019t fit in the integer range, the instruction returns the [\u201cindefinite integer value\u201d](<https://www.felixcloutier.com/x86/cvttss2si>) -0x8000000000000000. In the next step, the compiler determines it can use the even narrower int32_t type. It discards the higher 32-bit word of i, assuming that for the values in the given range it has the same effect as subtracting 0x100000000, and then further subtracts 0x7fa. The remaining two operations are straightforward; however, one might wonder why the attacker couldn\u2019t make the compiler derive the required single-value type directly in step two. 
The answer lies in the optimization pass called the constant-folding reducer.\n\nReduction ConstantFoldingReducer::Reduce(Node* node) {\n\nDisallowHeapAccess no_heap_access;\n\nif (!NodeProperties::IsConstant(node) && NodeProperties::IsTyped(node) &&\n\nnode->op()->HasProperty(Operator::kEliminatable) &&\n\nnode->opcode() != IrOpcode::kFinishRegion) {\n\nNode* constant = TryGetConstant(jsgraph(), node);\n\nif (constant != nullptr) {\n\nReplaceWithValue(node, constant);\n\nreturn Replace(constant);\n\n[...] \n \n--- \n \nIf the reducer discovered that the output type of the NumberMin operator was a constant, it would replace the node with a reference to the constant thus eliminating the type mismatch. That doesn\u2019t apply to the SpeculativeNumberShiftRight and SpeculativeSafeIntegerAdd nodes, which represent the operations in steps four and five while the reducer is running, because they both are capable of triggering deoptimization and therefore not marked as eliminable.\n\nFormerly, the next step would be to abuse this mismatch to optimize away an array bounds check. Instead, the attacker makes use of the incorrectly typed value to create a JavaScript array for which bounds checks always pass even outside the compiled function. Consider the following method, which attempts to optimize array constructor calls:\n\nReduction JSCreateLowering::ReduceJSCreateArray(Node* node) {\n\n[...]\n\n} else if (arity == 1) {\n\nNode* length = NodeProperties::GetValueInput(node, 2);\n\nType length_type = NodeProperties::GetType(length);\n\nif (!length_type.Maybe(Type::Number())) {\n\n// Handle the single argument case, where we know that the value\n\n// cannot be a valid Array length.\n\nelements_kind = GetMoreGeneralElementsKind(\n\nelements_kind, IsHoleyElementsKind(elements_kind)\n\n? 
HOLEY_ELEMENTS\n\n: PACKED_ELEMENTS);\n\nreturn ReduceNewArray(node, std::vector<Node*>{length}, *initial_map,\n\nelements_kind, allocation,\n\nslack_tracking_prediction);\n\n}\n\nif (length_type.Is(Type::SignedSmall()) && length_type.Min() >= 0 &&\n\nlength_type.Max() <= kElementLoopUnrollLimit &&\n\nlength_type.Min() == length_type.Max()) {\n\nint capacity = static_cast<int>(length_type.Max());\n\nreturn ReduceNewArray(node, length, capacity, *initial_map,\n\nelements_kind, allocation,\n\nslack_tracking_prediction);\n\n[...] \n \n--- \n \nWhen the argument is known to be an integer constant less than 16, the compiler inlines the array creation procedure and unrolls the element initialization loop. ReduceJSCreateArray doesn\u2019t rely on the constant-folding reducer and implements its own less strict equivalent that just compares the upper and lower bounds of the inferred type. Unfortunately, even after folding the function keeps using the original argument node. The folded value is employed during initialization of the backing store while the length property of the array is set to the original node. This means that if we pass the value we obtained at step five to the constructor, it will return an array with the negative length and backing store that can fit 13 elements. Given that bounds checks are implemented as unsigned comparisons, the crafted array will allow us to access data well past its end. 
In fact, any positive value bigger than its predicted version would work as well.\n\nThe rest of the trigger function is provided below:\n\n[...]\n\ncorrupted_array = Array(i);\n\ncorrupted_array[0] = 1.1;\n\nptr_leak_array = [wasm_module, array_buffer, [...],\n\nwasm_module, array_buffer];\n\nextra_array = [13.37, [...], 13.37, 1.234];\n\nreturn [corrupted_array, ptr_leak_array, extra_array];\n\n} \n \n--- \n \nThe attacker forces TurboFan to put the data required for further exploitation right next to the corrupted array and to use the double element type for the backing store as it\u2019s the most convenient type for dealing with out-of-bounds data in the V8 heap.\n\nFrom this point on, the exploit follows the same algorithm that public V8 exploits have been following for several years:\n\n 1. Locate the required pointers and object fields through pattern-matching.\n 2. Construct an arbitrary memory access primitive using an extra JavaScript array and ArrayBuffer.\n 3. Follow the pointer chain from a WebAssembly module instance to locate a writable and executable memory page.\n 4. Overwrite the body of a WebAssembly function inside the page with the attacker\u2019s payload.\n 5. Finally, execute it.\n\nThe contents of the payload, which is about half a megabyte in size, will be discussed in detail in a subsequent blog post.\n\nGiven that the vast majority of Chrome exploits we have seen at Project Zero come from either exploit competitions or VRP submissions, the most striking difference this exploit has demonstrated lies in its focus on stability and reliability. Here are some examples. Almost the entire exploit is executed inside a web worker, which means it has a separate JavaScript environment and runs in its own thread. This greatly reduces the chance of the garbage collector causing an accidental crash due to the inconsistent heap state. 
The main thread part is only responsible for restarting the worker in case of failure and passing status information to the attacker\u2019s server. The exploit attempts to further reduce the time window for GC crashes by ensuring that every corrupted field is restored to the original value as soon as possible. It also employs the OOB access primitive early on to verify the processor architecture information provided in the user agent header. Finally, the author has clearly aimed to keep the number of hard-coded constants to a minimum. Despite supporting a wide range of Chrome versions, the exploit relies on a single version-dependent offset, namely, the offset in the WASM instance to the executable page pointer.\n\n### Patch 1\n\nEven though there\u2019s evidence this vulnerability has been originally used as a 0-day, by the time we obtained the exploit, it had already been fixed. The issue was [reported to Chrome](<https://bugs.chromium.org/p/chromium/issues/detail?id=1028863>) by security researchers Soyeon Park and Wen Xu in November 2019 and was assigned CVE-2019-13764. The proof of concept provided in the report is shown below:\n\nfunction write(begin, end, step) {\n\nfor (var i = begin; i >= end; i += step) {\n\nstep = end - begin;\n\nbegin >>>= 805306382;\n\n}\n\n}\n\nvar buffer = new ArrayBuffer(16384);\n\nvar view = new Uint32Array(buffer);\n\nfor (let i = 0; i < 10000; i++) {\n\nwrite(Infinity, 1, view[65536], 1);\n\n} \n \n--- \n \nAs the reader can see, it\u2019s not the most straightforward way to trigger the issue. The code resembles fuzzer output, and the reporters confirmed that the bug had been found through fuzzing. 
Given the available evidence, we\u2019re fully confident that it was an independent discovery (sometimes referred to as a \"bug collision\").\n\nSince the proof of concept could only lead to a SIGTRAP crash, and the reporters hadn\u2019t demonstrated, for example, a way to trigger memory corruption, it was initially considered a low-severity issue by the V8 engineers, however, after an internal discussion, the V8 team raised the severity rating to high.\n\nIn the light of the in-the-wild exploitation evidence, we decided to give [the fix](<https://chromium.googlesource.com/v8/v8.git/+/b8b6075021ade0969c6b8de9459cd34163f7dbe1>), which had introduced an explicit check for the NaN case, a thorough examination:\n\n[...]\n\nconst bool both_types_integer =\n\ninitial_type.Is(typer_->cache_->kInteger) &&\n\nincrement_type.Is(typer_->cache_->kInteger);\n\nbool maybe_nan = false;\n\n// The addition or subtraction could still produce a NaN, if the integer\n\n// ranges touch infinity.\n\nif (both_types_integer) {\n\nType resultant_type =\n\n(arithmetic_type == InductionVariable::ArithmeticType::kAddition)\n\n? typer_->operation_typer()->NumberAdd(initial_type,\n\nincrement_type)\n\n: typer_->operation_typer()->NumberSubtract(initial_type,\n\nincrement_type);\n\nmaybe_nan = resultant_type.Maybe(Type::NaN());\n\n}\n\n// We only handle integer induction variables (otherwise ranges\n\n// do not apply and we cannot do anything).\n\nif (!both_types_integer || maybe_nan) {\n\n[...] \n \n--- \n \nThe code makes the assumption that the loop variable may only become NaN if the sum or difference of initial and increment is NaN. At first sight, it seems like a fair assumption. The issue arises from the fact that the value of increment can be changed from inside the loop, which isn\u2019t obvious from the exploit but demonstrated in the proof of concept sent to Chrome. The typer takes into account these changes and reflects them in increment\u2019s computed type. 
Therefore, the attacker can, for example, add negative increment to i until the latter becomes -Infinity, then change the sign of increment and force the loop to produce NaN once more, as demonstrated by the code below:\n\nvar increment = -Infinity;\n\nvar k = 0;\n\nfor (var i = 0; i < 1; i += increment) {\n\nif (i == -Infinity) {\n\nincrement = +Infinity;\n\n}\n\nif (++k > 10) {\n\nbreak;\n\n}\n\n} \n \n--- \n \nThus, to \u201crevive\u201d the entire exploit, the attacker only needs to change a couple of lines in trigger.\n\n### Patch 2\n\nThe discovered variant was [reported to Chrome](<https://bugs.chromium.org/p/chromium/issues/detail?id=1051017>) in February along with the exploitation technique found in the exploit. This time [the patch](<https://chromium.googlesource.com/v8/v8.git/+/a2e971c56d1c46f7c71ccaf33057057308cc8484>) took a more conservative approach and made the function bail out as soon as the typer detects that increment can be Infinity.\n\n[...]\n\n// If we do not have enough type information for the initial value or\n\n// the increment, just return the initial value's type.\n\nif (initial_type.IsNone() ||\n\nincrement_type.Is(typer_->cache_->kSingletonZero)) {\n\nreturn initial_type;\n\n}\n\n// We only handle integer induction variables (otherwise ranges do not\n\n// apply and we cannot do anything). Moreover, we don't support infinities\n\n// in {increment_type} because the induction variable can become NaN\n\n// through addition/subtraction of opposing infinities.\n\nif (!initial_type.Is(typer_->cache_->kInteger) ||\n\n!increment_type.Is(typer_->cache_->kInteger) ||\n\nincrement_type.Min() == -V8_INFINITY ||\n\nincrement_type.Max() == +V8_INFINITY) {\n\n[...] 
\n \n--- \n \nAdditionally, ReduceJSCreateArray [was updated](<https://chromium.googlesource.com/v8/v8.git/+/6516b1ccbe6f549d2aa2fe24510f73eb3a33b41a>) to always use the same value for both the length property and backing store capacity, thus rendering the reported exploitation technique useless.\n\nUnfortunately, the new patch contained an unintended change that introduced another security issue. If we look at [the source code](<https://chromium.googlesource.com/v8/v8.git/+/0da7ca8781c6c7ec852bef845b72ca7f212cdc23/src/compiler/typer.cc#845>) of TypeInductionVariablePhi before the patches, we find that it checks whether the type of increment is limited to the constant zero. In this case, it assigns the type of initial to the induction variable. The second patch moved the check above the line that ensures initial is an integer. In JavaScript, however, adding or subtracting zero doesn\u2019t necessarily preserve the type, for example:\n\n| \n\n| \n\n-0\n\n| \n\n+\n\n| \n\n0\n\n| \n\n=>\n\n| \n\n-0 \n \n---|---|---|---|---|---|--- \n \n| \n\n| \n\n[string]\n\n| \n\n-\n\n| \n\n0\n\n| \n\n=>\n\n| \n\n[number] \n \n| \n\n| \n\n[object]\n\n| \n\n+\n\n| \n\n0\n\n| \n\n=>\n\n| \n\n[string] \n \nAs a result, the patched function provides us with an even wider choice of possible \u201ctype confusions\u201d.\n\nIt was considered worthwhile to examine how difficult it would be to find a replacement for the ReduceJSCreateArray technique and exploit the new issue. The task turned out to be a lot easier than initially expected because we soon found [this excellent blog post](<https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/>) written by Jeremy Fetiveau, where he describes a way to bypass the initial bounds check elimination hardening. 
In short, depending on whether the engine has encountered an out-of-bounds element access attempt during the execution of a function in the interpreter, it instructs the compiler to emit either the CheckBounds or NumberLessThan node, and only the former is covered by the hardening. Consequently, the attacker just needs to make sure that the function attempts to access a non-existent array element in one of the first few invocations.\n\nWe find it interesting that even though this equally powerful and convenient technique has been publicly available since last May, the attacker has chosen to rely on their own method. It is conceivable that the exploit had been developed even before the blog post came out.\n\nOnce again, the technique requires an integer with a miscalculated range, so the revamped trigger function mostly consists of various type transformations:\n\nfunction trigger(arg) {\n\n// Initially:\n\n// actual = 1, inferred = any\n\nvar k = 0;\n\narg = arg | 0;\n\n// After step one:\n\n// actual = 1, inferred = [-0x80000000, 0x7fffffff]\n\narg = Math.min(arg, 2);\n\n// After step two:\n\n// actual = 1, inferred = [-0x80000000, 2]\n\narg = Math.max(arg, 1);\n\n// After step three:\n\n// actual = 1, inferred = [1, 2]\n\nif (arg == 1) {\n\narg = \"30\";\n\n}\n\n// After step four:\n\n// actual = string{30}, inferred = [1, 2] or string{30}\n\nfor (var i = arg; i < 0x1000; i -= 0) {\n\nif (++k > 1) {\n\nbreak;\n\n}\n\n}\n\n// After step five:\n\n// actual = number{30}, inferred = [1, 2] or string{30}\n\ni += 1;\n\n// After step six:\n\n// actual = 31, inferred = [2, 3]\n\ni >>= 1;\n\n// After step seven:\n\n// actual = 15, inferred = 1\n\ni += 2;\n\n// After step eight:\n\n// actual = 17, inferred = 3\n\ni >>= 1;\n\n// After step nine:\n\n// actual = 8, inferred = 1\n\nvar array = [0.1, 0.1, 0.1, 0.1];\n\nreturn [array[i], array];\n\n} \n \n--- \n \nThe mismatch between the number 30 and string \u201c30\u201d occurs in step five. 
The next operation is represented by the SpeculativeSafeIntegerAdd node. The typer is aware that whenever this node encounters a non-number argument, it immediately triggers deoptimization. Hence, all non-number elements of the argument type can be ignored. The unexpected integer value, which obviously doesn\u2019t cause the deoptimization, enables us to generate an erroneous range. Eventually, the compiler eliminates the NumberLessThan node, which is supposed to protect the element access in the last line, based on the observed range.\n\n### Patch 3\n\nSoon after we had identified the regression, the V8 team landed [a patch](<https://chromium.googlesource.com/v8/v8.git/+/68099bffaca0b4cfa10eb0178606aa55fd85d8ef>) that removed the vulnerable code branch. They also took a number of additional hardening measures, for example:\n\n * Extended [element access hardening](<https://chromium.googlesource.com/v8/v8.git/+/fa5fc748e53ad9d3ca44050d07659e858dbffd94>), which now prevents the abuse of NumberLessThan nodes.\n * Discovered and [fixed a similar problem](<https://chromium.googlesource.com/v8/v8.git/+/c85aa83087e7146281a95369cadf943ef78bf321>) with the elimination of MaybeGrowFastElements. Under certain conditions, this node, which may resize the backing store of a given array, is placed before StoreElement to ensure the array can fit the element. Consequently, the elimination of the node could allow an attacker to write data past the end of the backing store.\n * [Implemented a verifier](<https://chromium.googlesource.com/v8/v8.git/+/e440eda4ad9bfd8983c9896de574556e8eaee406>) for induction variables that validates the computed type against the more conservative regular phi typing.\n\nFurthermore, the V8 engineers have been working on [a feature](<https://chromium.googlesource.com/v8/v8.git/+/2e82ead865d088890bbfd14abfb22b8055b35394>) that allows TurboFan to insert runtime type checks into generated code. 
The feature should make fuzzing for typer issues much more efficient.\n\n### Conclusion\n\nThis blog post is meant to provide insight into the complexity of type tracking in JavaScript. The number of obscure rules and constraints an engineer has to bear in mind while working on the feature almost inevitably leads to errors, and, quite often even the slightest issue in the typer is enough to build a powerful and reliable exploit.\n\nAlso, the reader is probably familiar with the hypothesis of an enormous disparity between the state of public and private offensive security research. The fact that we\u2019ve discovered a rather sophisticated attacker who has exploited a vulnerability in the class that has been under the scrutiny of the wider security community for at least a couple of years suggests that there\u2019s nevertheless a certain overlap. Moreover, we were especially pleased to see a bug collision between a VRP submission and an in-the-wild 0-day exploit.\n\nThis is part 2 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To continue reading, see [In The Wild Part 3: Chrome Exploits](<https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html>).\n", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "GOOGLEPROJECTZERO:3397E6EF67D4C71C395ED0244548698A", "href": "https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html", "type": "googleprojectzero", "title": "\nIn-the-Wild Series: Chrome Infinity Bug\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-13T07:23:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-5070", "CVE-2019-13764", "CVE-2019-5782", "CVE-2020-6418"], "description": "This is part 3 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. 
To read the other parts of the series, see the [introduction post](<https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html>).\n\nPosted by Sergei Glazunov, Project Zero\n\n### Introduction\n\nAs we continue the series on the watering hole attack discovered in early 2020, in this post we\u2019ll look at the rest of the exploits used by the actor against Chrome. A timeline chart depicting the extracted exploits and affected browser versions is provided below. Different color shades represent different exploit versions.\n\n[](<https://1.bp.blogspot.com/-zWgmKrcnjv8/X_4pAn_ymUI/AAAAAAAAanU/fBqLBzSDt7ks8lax9SI1f-QkmTj31k-JwCNcBGAsYHQ/s1359/timeline.png>)\n\nAll vulnerabilities used by the attacker are in V8, Chrome\u2019s JavaScript engine; and more specifically, they are JIT compiler bugs. While classic C++ memory safety issues are still [exploited in real-world attacks](<https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/>) against web browsers, vulnerabilities in JIT offer many advantages to attackers. First, they usually provide more powerful primitives that can be easily turned into a reliable exploit without the need of a separate issue to, for example, break ASLR. Secondly, the majority of them are almost interchangeable, which significantly accelerates exploit development. Finally, bugs from this class allow the attacker to take advantage of a browser feature called web workers. Web developers use workers to execute additional tasks in a separate JavaScript environment. The fact that every worker runs in its own thread and has its own V8 heap makes exploitation significantly more predictable and stable.\n\nThe bugs themselves aren\u2019t novel. In fact, three out of four issues have been independently discovered by external security researchers and reported to Chrome, and two of the reports even provided a full renderer exploit. 
While writing this post, we were more interested in learning about exploitation techniques and getting insight into a high-tier attacker\u2019s exploit development process.\n\n### 1\\. CVE-2017-5070\n\n#### The vulnerability\n\nThis is an issue in Crankshaft, the JIT engine Chrome used before TurboFan. The alias analyzer, which is used by several optimization passes to determine whether two nodes may refer to the same object, produces incorrect results when one of the two nodes is a constant. Consider the following code, which has been extracted from one of the exploits:\n\nglobal_array = [, 1.1];\n\nfunction trigger(local_array) {\n\nvar temp = global_array[0];\n\nlocal_array[1] = {};\n\nreturn global_array[1];\n\n}\n\ntrigger([, {}]);\n\ntrigger([, 1.1]);\n\nfor (var i = 0; i < 10000; i++) {\n\ntrigger([, {}]);\n\n}\n\nprint(trigger(global_array)); \n \n--- \n \nThe first line of the trigger function makes Crankshaft perform a map check on global_array (a map in V8 describes the \u201cshape\u201d of an object and includes the element representation information). The next line may trigger the double -> tagged element representation transition for local_array. Since the compiler incorrectly assumes that local_array and global_array can\u2019t point to the same object, it doesn\u2019t invalidate the recorded map state of global_array and, consequently, eliminates the \u201credundant\u201d map check in the last line of the function.\n\nThe vulnerability grants an attacker a two-way type confusion between a JS object pointer and an unboxed double, which is a powerful primitive and is sufficient for a reliable exploit.\n\nThe issue was [reported to Chrome](<https://bugs.chromium.org/p/chromium/issues/detail?id=722756>) by security researcher Qixun Zhao (@S0rryMybad) in May 2017 and fixed in the initial release of Chrome 59. The researcher also provided a renderer exploit. 
[The fix](<https://chromium.googlesource.com/v8/v8.git/+/e33fd30777f99a0d6e16b16d096a2663b1031457>) made the alias analyser use the constant comparison only when both arguments are constants:\n\nHAliasing Query(HValue* a, HValue* b) {\n\n[...]\n\n// Constant objects can be distinguished statically.\n\n- if (a->IsConstant()) {\n\n+ if (a->IsConstant() && b->IsConstant()) {\n\nreturn a->Equals(b) ? kMustAlias : kNoAlias;\n\n}\n\nreturn kMayAlias; \n \n--- \n \n#### Exploit 1\n\nThe earliest exploit we\u2019ve discovered targets Chrome 37-58. This is the widest version range we\u2019ve seen, which covers the period of almost three years. Unlike the rest of the exploits, this one contains a separate constant table for every supported browser build.\n\nThe author of the exploit takes a [known approach](<http://phrack.org/papers/attacking_javascript_engines.html>) to exploiting type confusions in JavaScript engines, which involves gaining the arbitrary read/write capability as an intermediate step. The exploit employs the issue to implement the addrof and fakeobj primitives. It \u201cconstructs\u201d a fake ArrayBuffer object inside a JavaScript string, and uses the above primitives to obtain a reference to the fake object. Because strings in JS are immutable, the backing store pointer field of the fake ArrayBuffer can\u2019t be modified. Instead, it\u2019s set in advance to point to an extra ArrayBuffer, which is actually used for arbitrary memory access. Finally, the exploit follows a pointer chain to locate and overwrite the code of a JIT compiled function, which is stored in a RWX memory region.\n\nThe exploit is quite an impressive piece of engineering. For example, it includes a small framework for crafting fake JS objects, which supports assigning fields to real JS objects, fake sub-objects, tagged integers, etc. 
Since the bug can only be triggered once per JIT-compiled function, every time addrof or fakeobj is called, the exploit dynamically generates a new set of required objects and functions using eval.\n\nThe author also made significant efforts to increase the reliability of the exploit: there is a sanity check at every minor step; addrof stores all leaked pointers, and the exploit ensures they are still valid before accessing the fake object; fakeobj creates a giant string to store the crafted object contents so it gets allocated in the large object space, where objects aren\u2019t moved by the garbage collector. And, of course, the exploit runs inside a web worker.\n\nHowever, despite the efforts, the amount of auxiliary code and complexity of the design make accidental crashes quite probable. Also, the constructed fake buffer object is only well-formed enough to be accepted as an argument to the typed array constructor, but it\u2019s unlikely to survive a GC cycle. Reliability issues are the likely reason for the existence of the second exploit.\n\n#### Exploit 2\n\nThe second exploit for the same vulnerability aims at Chrome 47-58, i.e. a subrange of the previous exploit\u2019s supported version range, and the exploit server always gives preference to the second exploit. The version detection is less strict, and there are just three distinct constant tables: for Chrome 47-49, 50-53 and 54-58.\n\nThe general approach is similar, however, the new exploit seems to have been rewritten from scratch with simplicity and conciseness in mind as it\u2019s only half the size of the previous one. addrof is implemented in a way that allows leaking pointers to three objects at a time and only used once, so the dynamic generation of trigger functions is no longer needed. The exploit employs mutable on-heap typed arrays instead of JS strings to store the contents of fake objects; therefore, an extra level of indirection in the form of an additional ArrayBuffer is not required. 
Another notable change is using a RegExp object for code execution. The possible benefit here is that, unlike a JS function, which needs to be called many times to get JIT-compiled, a regular expression gets translated into native code already in the constructor.\n\nWhile it\u2019s possible that the exploits were written after the issue had become public, they greatly differ from the public exploit in both the design and implementation details. The attacker has thoroughly investigated the issue, for example, their trigger function is much more straightforward than in the public [proof-of-concept](<https://chromium.googlesource.com/v8/v8/+/e33fd30777f99a0d6e16b16d096a2663b1031457/test/mjsunit/regress/regress-crbug-722756.js>).\n\n### 2\\. CVE-2020-6418\n\n#### The vulnerability\n\nThis is a side effect modelling issue in TurboFan. The function InferReceiverMapsUnsafe assumes that a JSCreate node can only modify the map of its value output. However, in reality, the node can trigger a property access on the new_target parameter, which is observable to user JavaScript if new_target is a proxy object. 
Therefore, the attacker can unexpectedly change, for example, the element representation of a JS array and trigger a type confusion similar to the one discussed above:\n\n'use strict';\n\n(function() {\n\nvar popped;\n\nfunction trigger(new_target) {\n\nfunction inner(new_target) {\n\nfunction constructor() {\n\npopped = Array.prototype.pop.call(array);\n\n}\n\nvar temp = array[0];\n\nreturn Reflect.construct(constructor, arguments, new_target);\n\n}\n\ninner(new_target);\n\n}\n\nvar array = new Array(0, 0, 0, 0, 0);\n\nfor (var i = 0; i < 20000; i++) {\n\ntrigger(function() { });\n\narray.push(0);\n\n}\n\nvar proxy = new Proxy(Object, {\n\nget: () => (array[4] = 1.1, Object.prototype)\n\n});\n\ntrigger(proxy);\n\nprint(popped);\n\n}()); \n \n--- \n \nA call reducer (i.e., an optimizer) for Array.prototype.pop invokes InferReceiverMapsUnsafe, which marks the inference result as reliable meaning that it doesn\u2019t require a runtime check. When the proxy object is passed to the vulnerable function, it triggers the tagged -> double element transition. Then pop takes a double element and interprets it as a tagged pointer value.\n\nNote that the attacker can\u2019t call the array function directly because for the expression array.pop() the compiler would insert an extra map check for the property read, which would be scheduled after the proxy handler had modified the array.\n\nThis is the only Chrome vulnerability that was still exploited as a 0-day at the time we discovered the exploit server. The issue was [reported to Chrome](<https://bugs.chromium.org/p/chromium/issues/detail?id=1053604>) under the 7-day deadline. 
[The one-line patch](<https://chromium.googlesource.com/v8/v8.git/+/fb0a60e15695466621cf65932f9152935d859447>) modified the vulnerable function to mark the result of the map inference as unreliable whenever it encounters a JSCreate node:\n\nInferReceiverMapsResult NodeProperties::InferReceiverMapsUnsafe(\n\n[...]\n\nInferReceiverMapsResult result = kReliableReceiverMaps;\n\n[...]\n\ncase IrOpcode::kJSCreate: {\n\nif (IsSame(receiver, effect)) {\n\nbase::Optional<MapRef> initial_map = GetJSCreateMap(broker, receiver);\n\nif (initial_map.has_value()) {\n\n*maps_return = ZoneHandleSet<Map>(initial_map->object());\n\nreturn result;\n\n}\n\n// We reached the allocation of the {receiver}.\n\nreturn kNoReceiverMaps;\n\n}\n\n+ result = kUnreliableReceiverMaps; // JSCreate can have side-effect.\n\nbreak;\n\n}\n\n[...] \n \n--- \n \nThe reader can refer to [the blog post](<https://blog.exodusintel.com/2020/02/24/a-eulogy-for-patch-gapping-chrome/>) published by Exodus Intel for more details on the issue and their version of the exploit.\n\n#### Exploit 1\n\nThis time there\u2019s no embedded list of supported browser versions; the appropriate constants for Chrome 60-63 are determined on the server side.\n\nThe exploit takes a rather exotic approach: it only implements a function for the confusion in the double -> tagged direction, i.e. the fakeobj primitive, and takes advantage of a side effect in pop to leak a pointer to the internal hole object. The function pop overwrites the \u201cpopped\u201d value with the hole, but due to the same confusion it writes a pointer instead of the special bit pattern for double arrays.\n\nThe exploit uses the leaked pointer and fakeobj to implement a data leak primitive that can \u201csurvive\u201d garbage collection. 
First, it acquires references to two other internal objects, the class_start_position and class_end_position private [symbols](<https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol>), owing to the fact that the offset between them and the hole is fixed. Private symbols are special identifiers used by V8 to store hidden properties inside regular JS objects. In particular, the two symbols refer to the start and end substring indices in the script source that represent the body of a class. When JSFunction::ToString is invoked on the class constructor and builds the substring, it performs no bounds checks on the \u201ctrustworthy\u201d indices; therefore, the attacker can modify them to leak arbitrary chunks of data in the V8 heap.\n\nThe obtained data is scanned for values required to craft a fake typed array: maps, fixed arrays, backing store pointers, etc. This approach allows the attacker to construct a perfectly valid fake object. Since the object is located in a memory region outside the V8 heap, the exploit also has to create a fake MemoryChunk header and marking bitmap to force the garbage collector to skip the crafted objects and, thus, avoid crashes.\n\nFinally, the exploit overwrites the code of a JIT-compiled function with a payload and executes it.\n\nThe author has implemented extensive sanity checking. For example, the data leak primitive is reused to verify that the garbage collector hasn\u2019t moved critical objects. In case of a failure, the worker with the exploit gets terminated before it can cause a crash. 
Quite impressively, even when we manually put GC invocations into critical sections of the exploit, it was still able to exit gracefully most of the time.\n\nThe exploit employs an interesting technique to detect whether the trigger function has been JIT-compiled:\n\njit_detector[Symbol.toPrimitive] = function() {\n\nvar stack = (new Error).stack;\n\nif (stack.indexOf(\"Number (\") == -1) {\n\njit_detector.is_compiled = true;\n\n}\n\n};\n\nfunction trigger(array, proxy) {\n\nif (!jit_detector.is_compiled) {\n\nNumber(jit_detector);\n\n}\n\n[...] \n \n--- \n \nDuring compilation, TurboFan inlines the builtin function Number. This change is reflected in the JS call stack. Therefore, the attacker can scan a stack trace from inside a function that Number invokes to determine the compilation state.\n\nThe exploit was broken in Chrome 64 by [the change](<https://chromium.googlesource.com/v8/v8/+/52ab610bd13>) that encapsulated both class body indices in a single internal object. Although the change only affected a minor detail of the exploit and had an obvious workaround, which is discussed below, the actor decided to abandon this 0-day and switch to an exploit for CVE-2019-5782. This observation suggests that the attacker was already aware of the third vulnerability around the time Chrome 64 came out, i.e. it was also used as a 0-day.\n\n#### Exploit 2\n\nAfter CVE-2019-5782 became unexploitable, the actor returned to this vulnerability. However, in the meantime, [another commit](<https://chromium.googlesource.com/v8/v8/+/ccbbdb93a1c6f38422097738a830c137576d92fd>) landed in Chrome that stopped TurboFan from trying to optimize builtins invoked via Function.prototype.call or similar functions. 
Therefore, the trigger function had to be updated:\n\nfunction trigger(new_target) {\n\nfunction inner(new_target) {\n\npopped = array.pop(\n\nReflect.construct(function() { }, arguments, new_target));\n\n}\n\ninner(new_target);\n\n} \n \n--- \n \nBy making the result of Reflect.construct an argument to the pop call, the attacker can move the corresponding JSCreate node after the map check induced by the property load.\n\nThe new exploit also has a modified data leak primitive. First, the attacker no longer relies on the side effect in pop to get an address on the heap and reuses the type confusion to implement the addrof function. Because the exploit doesn\u2019t have a reference to the hole, it obtains the address of the builtin asyncIterator symbol instead, which is accessible to user scripts and also stored next to the desired class_positions private symbol.\n\nThe exploit can\u2019t modify the class body indices directly as they\u2019re not regular properties of the object referenced by class_positions. However, it can replace the entire object, so it generates an extra class with a much longer constructor string and uses it as a donor.\n\nThis version targets Chrome 68-72. It was broken by [the commit](<https://chromium.googlesource.com/v8/v8.git/+/f7aa8ea00bbf200e9050a22ec84fab4f323849a7%5E%21/>) that enabled the W^X protection for JIT regions. Again, given that there are still similar RWX mappings in the renderer related to WebAssembly, the exploit could have been easily fixed. The attacker, nevertheless, decided to focus on an exploit for CVE-2019-13764 instead.\n\n#### Exploit 3 & 4\n\nThe actor returned once again to this vulnerability after CVE-2019-13764 got fixed. The new exploit bypasses the W^X protection by replacing a JIT-compiled JS function with a WebAssembly function as the overwrite target for code execution. 
That\u2019s the only significant change made by the author.\n\nExploit 3 is the only one we\u2019ve discovered on the Windows server, and Exploit 4 is essentially the same exploit adapted for Android. Interestingly, it only appeared on the Android server after the fix for the vulnerability came out. A significant amount of number and string literals got updated, and the pop call in the trigger function was replaced with a shift call. The actor likely attempted to avoid signature-based detection with those changes.\n\nThe exploits were used against Chrome 78-79 on Windows and 78-80 on Android until the vulnerability finally got patched.\n\n[The public exploit](<https://blog.exodusintel.com/wp-content/uploads/2020/05/exp.zip>) presented by Exodus Intel takes a completely different approach and abuses the fact that double and tagged pointer elements differ in size. When the same bug is applied against the function Array.prototype.push, the backing store offset for the new element is calculated incorrectly and, therefore, arbitrary data gets written past the end of the array. In this case the attacker doesn\u2019t have to craft fake objects to achieve arbitrary read/write, which greatly simplifies the exploit. However, on 64-bit systems, this approach can only be used starting from Chrome 80, i.e. the version that introduced the [pointer compression](<https://v8.dev/blog/pointer-compression>) feature. While Chrome still runs in the 32-bit mode on Android in order to reduce memory overhead, user agent checks found in the exploits indicate that the actor also targeted (possibly 64-bit) webview processes.\n\n### 3\\. CVE-2019-5782\n\n#### The vulnerability\n\nCVE-2019-5782 is an issue in TurboFan\u2019s typer module. During compilation, the typer infers the possible type of every node in a function graph using a set of rules imposed by the language. 
Subsequent optimization passes rely on this information and can, for example, eliminate a security-critical check when the predicted type suggests the check would be redundant. A mismatch between the inferred type and actual value can, therefore, lead to security issues.\n\nNote that in this context, the notion of type is quite different from, for example, C++ types. A TurboFan type can be represented by a range of numbers or even a specific value. For more information on typer bugs please refer to the [previous post](<https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html>).\n\nIn this case an incorrect type is produced for the expression arguments.length, i.e. the number of arguments passed to a given function. The compiler assigns it the integer range [0; 65534], which is valid for a regular call; however, the same limit is not enforced for Function.prototype.apply. The mismatch was abused by the attacker to eliminate a bounds check and access data past the end of the array:\n\noob_index = 100000;\n\nfunction trigger() {\n\nlet array = [1.1, 1.1];\n\nlet index = arguments.length;\n\nindex = index - 65534;\n\nindex = Math.max(index, 0);\n\nreturn array[index] = 2.2;\n\n}\n\nfor (let i = 0; i < 20000; i++) {\n\ntrigger(1,2,3);\n\n}\n\nprint(trigger.apply(null, new Array(65534 + oob_index))); \n \n--- \n \nQixun Zhao used the same vulnerability in Tianfu Cup and [reported it to Chrome](<https://bugs.chromium.org/p/chromium/issues/detail?id=906043>) in November 2018. The public report includes a renderer exploit. [The fix](<https://chromium.googlesource.com/v8/v8/+/8e4588915ba7a9d9d744075781cea114d49f0c7b>), which landed in Chrome 72, simply relaxed the range of the length property.\n\n#### The exploit\n\nThe discovered exploit targets Chrome 63-67. The exploit flow is a bit unconventional as it doesn\u2019t rely on typed arrays to gain arbitrary read/write. 
The attacker makes use of the fact that V8 allocates objects in the new space linearly to precompute inter-object offsets. The vulnerability is only triggered once to corrupt the length property of a tagged pointer array. The corrupted array can then be used repeatedly to overwrite the elements field of an unboxed double array with an arbitrary JS object, which gives the attacker raw access to the contents of that object. It\u2019s worth noting that this approach doesn\u2019t even require performing manual pointer arithmetic. As usual, the exploit finishes by overwriting the code of a JS function with the payload.\n\nInterestingly, this is the only exploit that doesn\u2019t take advantage of running inside a web worker even though the vulnerability is fully compatible. Also, the amount of error checking is significantly smaller than in the previous exploits. The author probably assumed that the exploitation primitive provided by the issue was so reliable that all additional safety measures became unnecessary. Nevertheless, during our testing, we did occasionally encounter crashes when one of the allocations that the exploit makes managed to trigger garbage collection. That said, such crashes were indeed quite rare.\n\nAs the reader may have noticed, the exploit had stopped working long before the issue was fixed. The reason is that [one of the hardening patches](<https://chromium.googlesource.com/v8/v8.git/+/f53dfd934df0c95e1a82680ce87f48b5d60902d1%5E%21/>) against speculative side-channel attacks in V8 broke the bounds check elimination technique used by the exploit. 
The protection was soon turned off for desktop platforms and replaced with [site isolation](<https://www.chromium.org/Home/chromium-security/site-isolation>); hence, [the public exploit](<https://bugs.chromium.org/p/chromium/issues/detail?id=906043>), which employs the same technique, was successfully used against Chrome 70 on Windows during the competition.\n\nThe public and private exploits have little in common apart from the bug itself and BCE technique, which has been commonly known [since at least 2017](<https://bugs.chromium.org/p/chromium/issues/detail?id=762874>). The public exploit turns out-of-bounds access into a type confusion and then follows the older approach, which involves crafting a fake array buffer object, to achieve code execution.\n\n### 4\\. CVE-2019-13764\n\nThis more complex typer issue occurs when TurboFan doesn\u2019t reflect the possible NaN value in the type of an induction variable. The bug can be triggered by the following code:\n\nfor (var i = -Infinity; i < 0; i += Infinity) { [...] } \n \n--- \n \nThis vulnerability and exploit for Chrome 73-79 have been discussed in detail in [the previous blog post](<https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html>). There\u2019s also an earlier version of the exploit targeting Chrome 69-72; the only difference is that the newer version switched from a JS JIT function to a WASM function as the overwrite target.\n\nThe comparison with the exploit for the previous typer issue (CVE-2019-5782) is more interesting, though. The developer put much greater emphasis on stability of the new exploit even though the two vulnerabilities are identical in this regard. The web worker wrapper is back, and the exploit doesn\u2019t corrupt tagged element arrays to avoid GC crashes. Also, it no longer relies completely on precomputed offsets between objects in the new space. 
For example, to leak a pointer to a JS object the attacker puts it between marker values and then scans the memory for the matching pattern. Finally, the number of sanity checks is increased again.\n\nIt\u2019s also worth noting that the new typer bug exploitation technique worked against Chrome on Android despite the side-channel attack mitigation and could have \u201crevived\u201d the exploit for CVE-2019-5782.\n\n### Conclusion\n\nThe timeline data and incremental changes between different exploit versions suggest that at least three out of the four vulnerabilities (CVE-2020-6418, CVE-2019-5782 and CVE-2019-13764) have been used as 0-days.\n\nIt is no secret that exploit reliability is a priority for high-tier attackers, but our findings demonstrate the amount of resources the attackers are willing to spend on making their exploits extra reliable, especially the evidence that the actor has switched from an already high-quality 0-day to a slightly better vulnerability twice.\n\nThe area of JIT engine security has received great attention from the wider security community over the last few years. In 2015, when Chrome 37 came out, the exploit for CVE-2017-5070 would be considered quite ahead of its time. In contrast, if we don\u2019t take into account the stability aspect, the exploit for the latest typer issue is not very different from exploits that enthusiasts made for JavaScript challenges at CTF competitions in 2019. This attention also likely affects the average lifetime of a JIT vulnerability and, therefore, may force attackers to move to different bug classes in the future.\n\nThis is part 3 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. 
To continue reading, see [In The Wild Part 4: Android Exploits](<https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-exploits.html>).\n", "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "GOOGLEPROJECTZERO:9523EA61EA974CED8A3D9198CD0D5F6D", "href": "https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html", "type": "googleprojectzero", "title": "\nIn-the-Wild Series: Chrome Exploits\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:34:53", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "**Issue Overview:**\n\nOut of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ([CVE-2019-13734](<https://access.redhat.com/security/cve/CVE-2019-13734>))\n\n \n**Affected Packages:** \n\n\nsqlite\n\n \n**Issue Correction:** \nRun _yum update sqlite_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n sqlite-3.7.17-8.amzn2.1.1.aarch64 \n sqlite-devel-3.7.17-8.amzn2.1.1.aarch64 \n lemon-3.7.17-8.amzn2.1.1.aarch64 \n sqlite-tcl-3.7.17-8.amzn2.1.1.aarch64 \n sqlite-debuginfo-3.7.17-8.amzn2.1.1.aarch64 \n \n i686: \n sqlite-3.7.17-8.amzn2.1.1.i686 \n sqlite-devel-3.7.17-8.amzn2.1.1.i686 \n lemon-3.7.17-8.amzn2.1.1.i686 \n sqlite-tcl-3.7.17-8.amzn2.1.1.i686 \n sqlite-debuginfo-3.7.17-8.amzn2.1.1.i686 \n \n noarch: \n sqlite-doc-3.7.17-8.amzn2.1.1.noarch \n \n src: \n sqlite-3.7.17-8.amzn2.1.1.src \n \n x86_64: \n sqlite-3.7.17-8.amzn2.1.1.x86_64 \n sqlite-devel-3.7.17-8.amzn2.1.1.x86_64 \n lemon-3.7.17-8.amzn2.1.1.x86_64 \n sqlite-tcl-3.7.17-8.amzn2.1.1.x86_64 \n sqlite-debuginfo-3.7.17-8.amzn2.1.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-02-17T19:48:00", "published": "2020-02-17T19:48:00", "id": "ALAS2-2020-1394", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1394.html", "title": "Important: sqlite", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-01-29T02:33:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13734"], "description": "**CentOS Errata and Security Advisory** CESA-2020:0227\n\n\nSQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. 
Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.\n\nSecurity Fix(es):\n\n* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-January/035616.html\n\n**Affected packages:**\nlemon\nsqlite\nsqlite-devel\nsqlite-doc\nsqlite-tcl\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-01-28T21:28:52", "published": "2020-01-28T21:28:52", "id": "CESA-2020:0227", "href": "http://lists.centos.org/pipermail/centos-announce/2020-January/035616.html", "title": "lemon, sqlite security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}