Search...

openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

2014-06-13T00:00:00

ID OPENSUSE-2014-178.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2014-06-13T00:00:00

Description

VLC was updated to version 2.1.3 (bnc#864422) :

Core :

Fix broken behaviour with SOCKSv5 proxies

Fix integer overflow on error when using vlc_readdir

Access :

Fix DVB-T2 tuning on Linux.

Fix encrypted DVD playback.

Fix v4l2 frequency conversion.

Decoders :

Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3, Xvid) by updating codec libraries.

Bring fluidsynth back on Mac OS X

Fix some Opus crashes with some filters

Fix teletext crash on Windows

Demuxers :

Avoid an infinite recursion in MKV tags parsing

Fix an issue with some Vobsub tracks

Fix missing samples at the end of some wav files

Fix divide by 0 on ASF/WMV parsing

Audio output :

Fix audio device selection via command line on Mac OS X

Fix audio crashes on Mac OS X

Video Output :

Fix selection of DirectDraw as the default output for XP

Fix transform off-by-one issue

Fix screensaver disabling on Windows outputs

Fix DirectDraw device enumeration and multi-display output

Fix a potential crash when playing a fullscreen game at the same time as VLC

Stream output :

Fix 24bits audio MTU alignment in RTP

Fix record file names

Qt interface :

Fix minimal size possible on start

Fix a crash with the simple volume widget

Fix a crash in the audio menu building

Fix multimedia keys issues on Windows

Fix opening of DVD and BD folders on Windows

HTTP interface: Fix album art display on Windows.

Updated translations.

Add update-desktop-files BuildRequires and %desktop_database_post/postun calls to respective scriptlets: Fix https://bugs.links2linux.org/browse/PM-108

Update to version 2.1.2 :

Audio output :

Fix digital playback on OS X when more than one audio device is installed.

Fix digital playback (SPDIF/HDMI) on Windows.

Fix stuttering or silent playback when using sound enhancers or external audio devices on OS X.

Improve responsiveness on OS X when playback starts or is being paused.

Improve responsiveness, silent playback intervals and reliability on iOS.

Demuxers :

Fix Vimeo and DailyMotion parsing.

Various WMV playback improvements and fixes.

Decoders :

Fix LPCM 20/24-bit decoding and 16 bits with channel padding.

Fix playback of some HEVC samples.

Video filters: Fix crash on deinterlace selection.

Qt interface :

Fix some streaming profiles when copy existed.

Improve A-B loop control.

Fix album art update when changing media.

Mac OS X interface adjustments.

Win32 installer: Kill running VLC process on uninstall/update.

Updated translations.

More features (by adding BuildRequires) :

IDN Support (International Domain Names): libidn-devel

SFTP Access: libssh2-devel

HotKey Support: xcb-util-keysyms-devel

Complete SDL Stack: SDL_image-devel

ProjectM suppor (for openSUSE >= 12.3)

Update to version 2.1.1 :

Core :

Fix random and reshuffling behaviour.

Fix recording.

Fix some subtitles track selection.

Decoders :

VP9 support in WebM.

HEVC/H.265 support in MKV, MP4 and raw files.

Fix GPU decoding under Windows (DxVA2) crashes.

Demuxers :

Fix crashes on wav, mlp and mkv and modplug files.

Support Speex in ogg files.

Fix some .mov playlists support.

Support Alac in mkv.

Fix WMV3 and palette in AVI.

Fix FLAC packetizer issues in some files.

Access :

Fix DVB options parsing.

Fix DeckLink HDMI input.

Fix HTTPS connectivity on OS X by loading root certificates from Keychain.

Audio output :

Fixes for DirectSound pass-through.

Fixes for OSS output, notably on BSD.

Interfaces :

Fix HTTP interface infinite loop.

Fix D-Bus volume setting.

Qt :

Reinstore right click subtitle menu to open a subtitle.

Fix saving the hotkeys in preferences.

Fix saving the audio volume on Win32, using DirectSound.

Fix play after drag'n drop.

Fix streaming options edition and scale parameter.

Stream out :

Fix transcoding audio drift issues.

Fix numerous audio encoding issues.

Win32 installer :

Important rewrite to fix numerous bugs, notably about updates.

Simplification of the upgrade mechanism.

Mac OS X interface :

Reintroduce the language selector known from pre-2.1 releases.

Fix fullscreen behaviour and various crashes.

Fix about dialog crash in Japanese.

Fix crashes on proxy lookups.

Fixes on the playlist and information behaviours.

Fixes on the streaming dialogs.

Improves interface resizings.

Updated translations.

Pass --with-default-font=[path] and

--with-default-monospace-font=[path] to configure.

Drop fix_font_path.patch: replaced with configure parameters above.

Recommend 'vlc' by vlc-qt: some users might go installing the UI package directly. Having Qt most likely also means the user has X, so we at least recommend the vlc package relying on X.

Force creation of plugins cache in vlc-nox %post, instead of just touching the file, for details see https://trac.videolan.org/vlc/ticket/9807#comment:2

Update License: A lot has been relicensed to LGPL-2.1.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-178.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75273);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-3565");

  script_name(english:"openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)");
  script_summary(english:"Check for the openSUSE-2014-178 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"VLC was updated to version 2.1.3 (bnc#864422) :

  + Core :

  - Fix broken behaviour with SOCKSv5 proxies

  - Fix integer overflow on error when using vlc_readdir

  + Access :

  - Fix DVB-T2 tuning on Linux.

  - Fix encrypted DVD playback.

  - Fix v4l2 frequency conversion.

  + Decoders :

  - Fix numerous issues (M2TS, VC1 interlaced, Lagarith,
    FFv1.3, Xvid) by updating codec libraries.

  - Bring fluidsynth back on Mac OS X

  - Fix some Opus crashes with some filters

  - Fix teletext crash on Windows

  + Demuxers :

  - Avoid an infinite recursion in MKV tags parsing

  - Fix an issue with some Vobsub tracks

  - Fix missing samples at the end of some wav files

  - Fix divide by 0 on ASF/WMV parsing

  + Audio output :

  - Fix audio device selection via command line on Mac OS X

  - Fix audio crashes on Mac OS X

  + Video Output :

  - Fix selection of DirectDraw as the default output for XP

  - Fix transform off-by-one issue

  - Fix screensaver disabling on Windows outputs

  - Fix DirectDraw device enumeration and multi-display
    output

  - Fix a potential crash when playing a fullscreen game at
    the same time as VLC

  + Stream output :

  - Fix 24bits audio MTU alignment in RTP

  - Fix record file names

  + Qt interface :

  - Fix minimal size possible on start

  - Fix a crash with the simple volume widget

  - Fix a crash in the audio menu building

  - Fix multimedia keys issues on Windows

  - Fix opening of DVD and BD folders on Windows

  + HTTP interface: Fix album art display on Windows.

  + Updated translations.

  - Add update-desktop-files BuildRequires and
    %desktop_database_post/postun calls to respective
    scriptlets: Fix
    https://bugs.links2linux.org/browse/PM-108

  - Update to version 2.1.2 :

  + Audio output :

  - Fix digital playback on OS X when more than one audio
    device is installed.

  - Fix digital playback (SPDIF/HDMI) on Windows.

  - Fix stuttering or silent playback when using sound
    enhancers or external audio devices on OS X.

  - Improve responsiveness on OS X when playback starts or
    is being paused.

  - Improve responsiveness, silent playback intervals and
    reliability on iOS.

  + Demuxers :

  - Fix Vimeo and DailyMotion parsing.

  - Various WMV playback improvements and fixes.

  + Decoders :

  - Fix LPCM 20/24-bit decoding and 16 bits with channel
    padding.

  - Fix playback of some HEVC samples.

  + Video filters: Fix crash on deinterlace selection.

  + Qt interface :

  - Fix some streaming profiles when copy existed.

  - Improve A-B loop control.

  - Fix album art update when changing media.

  + Mac OS X interface adjustments.

  + Win32 installer: Kill running VLC process on
    uninstall/update.

  + Updated translations.

  - More features (by adding BuildRequires) :

  + IDN Support (International Domain Names): libidn-devel

  + SFTP Access: libssh2-devel

  + HotKey Support: xcb-util-keysyms-devel

  + Complete SDL Stack: SDL_image-devel

  + ProjectM suppor (for openSUSE &gt;= 12.3)

  - Update to version 2.1.1 :

  + Core :

  - Fix random and reshuffling behaviour.

  - Fix recording.

  - Fix some subtitles track selection.

  + Decoders :

  - VP9 support in WebM.

  - HEVC/H.265 support in MKV, MP4 and raw files.

  - Fix GPU decoding under Windows (DxVA2) crashes.

  + Demuxers :

  - Fix crashes on wav, mlp and mkv and modplug files.

  - Support Speex in ogg files.

  - Fix some .mov playlists support.

  - Support Alac in mkv.

  - Fix WMV3 and palette in AVI.

  - Fix FLAC packetizer issues in some files.

  + Access :

  - Fix DVB options parsing.

  - Fix DeckLink HDMI input.

  - Fix HTTPS connectivity on OS X by loading root
    certificates from Keychain.

  + Audio output :

  - Fixes for DirectSound pass-through.

  - Fixes for OSS output, notably on BSD.

  + Interfaces :

  - Fix HTTP interface infinite loop.

  - Fix D-Bus volume setting.

  + Qt :

  - Reinstore right click subtitle menu to open a subtitle.

  - Fix saving the hotkeys in preferences.

  - Fix saving the audio volume on Win32, using DirectSound.

  - Fix play after drag'n drop.

  - Fix streaming options edition and scale parameter.

  + Stream out :

  - Fix transcoding audio drift issues.

  - Fix numerous audio encoding issues.

  + Win32 installer :

  - Important rewrite to fix numerous bugs, notably about
    updates.

  - Simplification of the upgrade mechanism.

  + Mac OS X interface :

  - Reintroduce the language selector known from pre-2.1
    releases.

  - Fix fullscreen behaviour and various crashes.

  - Fix about dialog crash in Japanese.

  - Fix crashes on proxy lookups.

  - Fixes on the playlist and information behaviours.

  - Fixes on the streaming dialogs.

  - Improves interface resizings.

  + Updated translations.

  - Pass --with-default-font=[path] and

    --with-default-monospace-font=[path] to configure.

  - Drop fix_font_path.patch: replaced with configure
    parameters above.

  - Recommend 'vlc' by vlc-qt: some users might go
    installing the UI package directly. Having Qt most
    likely also means the user has X, so we at least
    recommend the vlc package relying on X.

  - Force creation of plugins cache in vlc-nox %post,
    instead of just touching the file, for details see
    https://trac.videolan.org/vlc/ticket/9807#comment:2

  - Update License: A lot has been relicensed to LGPL-2.1."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.links2linux.org/browse/PM-108"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=864422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://trac.videolan.org/vlc/ticket/9807#comment:2"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected vlc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"libvlc5-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlc5-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlccore7-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlccore7-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-debugsource-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-devel-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-gnome-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-gnome-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-lang-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-qt-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-qt-debuginfo-2.1.3-10.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vlc");
}

JSON Vulners Source

Initial Source

{"id": "OPENSUSE-2014-178.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)", "description": "VLC was updated to version 2.1.3 (bnc#864422) :\n\n + Core :\n\n - Fix broken behaviour with SOCKSv5 proxies\n\n - Fix integer overflow on error when using vlc_readdir\n\n + Access :\n\n - Fix DVB-T2 tuning on Linux.\n\n - Fix encrypted DVD playback.\n\n - Fix v4l2 frequency conversion.\n\n + Decoders :\n\n - Fix numerous issues (M2TS, VC1 interlaced, Lagarith,\n FFv1.3, Xvid) by updating codec libraries.\n\n - Bring fluidsynth back on Mac OS X\n\n - Fix some Opus crashes with some filters\n\n - Fix teletext crash on Windows\n\n + Demuxers :\n\n - Avoid an infinite recursion in MKV tags parsing\n\n - Fix an issue with some Vobsub tracks\n\n - Fix missing samples at the end of some wav files\n\n - Fix divide by 0 on ASF/WMV parsing\n\n + Audio output :\n\n - Fix audio device selection via command line on Mac OS X\n\n - Fix audio crashes on Mac OS X\n\n + Video Output :\n\n - Fix selection of DirectDraw as the default output for XP\n\n - Fix transform off-by-one issue\n\n - Fix screensaver disabling on Windows outputs\n\n - Fix DirectDraw device enumeration and multi-display\n output\n\n - Fix a potential crash when playing a fullscreen game at\n the same time as VLC\n\n + Stream output :\n\n - Fix 24bits audio MTU alignment in RTP\n\n - Fix record file names\n\n + Qt interface :\n\n - Fix minimal size possible on start\n\n - Fix a crash with the simple volume widget\n\n - Fix a crash in the audio menu building\n\n - Fix multimedia keys issues on Windows\n\n - Fix opening of DVD and BD folders on Windows\n\n + HTTP interface: Fix album art display on Windows.\n\n + Updated translations.\n\n - Add update-desktop-files BuildRequires and\n %desktop_database_post/postun calls to respective\n scriptlets: Fix\n https://bugs.links2linux.org/browse/PM-108\n\n - Update to version 2.1.2 :\n\n + Audio output :\n\n - Fix digital playback on OS X when more than one audio\n device is installed.\n\n - Fix digital playback (SPDIF/HDMI) on Windows.\n\n - Fix stuttering or silent playback when using sound\n enhancers or external audio devices on OS X.\n\n - Improve responsiveness on OS X when playback starts or\n is being paused.\n\n - Improve responsiveness, silent playback intervals and\n reliability on iOS.\n\n + Demuxers :\n\n - Fix Vimeo and DailyMotion parsing.\n\n - Various WMV playback improvements and fixes.\n\n + Decoders :\n\n - Fix LPCM 20/24-bit decoding and 16 bits with channel\n padding.\n\n - Fix playback of some HEVC samples.\n\n + Video filters: Fix crash on deinterlace selection.\n\n + Qt interface :\n\n - Fix some streaming profiles when copy existed.\n\n - Improve A-B loop control.\n\n - Fix album art update when changing media.\n\n + Mac OS X interface adjustments.\n\n + Win32 installer: Kill running VLC process on\n uninstall/update.\n\n + Updated translations.\n\n - More features (by adding BuildRequires) :\n\n + IDN Support (International Domain Names): libidn-devel\n\n + SFTP Access: libssh2-devel\n\n + HotKey Support: xcb-util-keysyms-devel\n\n + Complete SDL Stack: SDL_image-devel\n\n + ProjectM suppor (for openSUSE >= 12.3)\n\n - Update to version 2.1.1 :\n\n + Core :\n\n - Fix random and reshuffling behaviour.\n\n - Fix recording.\n\n - Fix some subtitles track selection.\n\n + Decoders :\n\n - VP9 support in WebM.\n\n - HEVC/H.265 support in MKV, MP4 and raw files.\n\n - Fix GPU decoding under Windows (DxVA2) crashes.\n\n + Demuxers :\n\n - Fix crashes on wav, mlp and mkv and modplug files.\n\n - Support Speex in ogg files.\n\n - Fix some .mov playlists support.\n\n - Support Alac in mkv.\n\n - Fix WMV3 and palette in AVI.\n\n - Fix FLAC packetizer issues in some files.\n\n + Access :\n\n - Fix DVB options parsing.\n\n - Fix DeckLink HDMI input.\n\n - Fix HTTPS connectivity on OS X by loading root\n certificates from Keychain.\n\n + Audio output :\n\n - Fixes for DirectSound pass-through.\n\n - Fixes for OSS output, notably on BSD.\n\n + Interfaces :\n\n - Fix HTTP interface infinite loop.\n\n - Fix D-Bus volume setting.\n\n + Qt :\n\n - Reinstore right click subtitle menu to open a subtitle.\n\n - Fix saving the hotkeys in preferences.\n\n - Fix saving the audio volume on Win32, using DirectSound.\n\n - Fix play after drag'n drop.\n\n - Fix streaming options edition and scale parameter.\n\n + Stream out :\n\n - Fix transcoding audio drift issues.\n\n - Fix numerous audio encoding issues.\n\n + Win32 installer :\n\n - Important rewrite to fix numerous bugs, notably about\n updates.\n\n - Simplification of the upgrade mechanism.\n\n + Mac OS X interface :\n\n - Reintroduce the language selector known from pre-2.1\n releases.\n\n - Fix fullscreen behaviour and various crashes.\n\n - Fix about dialog crash in Japanese.\n\n - Fix crashes on proxy lookups.\n\n - Fixes on the playlist and information behaviours.\n\n - Fixes on the streaming dialogs.\n\n - Improves interface resizings.\n\n + Updated translations.\n\n - Pass --with-default-font=[path] and\n\n --with-default-monospace-font=[path] to configure.\n\n - Drop fix_font_path.patch: replaced with configure\n parameters above.\n\n - Recommend 'vlc' by vlc-qt: some users might go\n installing the UI package directly. Having Qt most\n likely also means the user has X, so we at least\n recommend the vlc package relying on X.\n\n - Force creation of plugins cache in vlc-nox %post,\n instead of just touching the file, for details see\n https://trac.videolan.org/vlc/ticket/9807#comment:2\n\n - Update License: A lot has been relicensed to LGPL-2.1.", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/75273", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=864422", "https://trac.videolan.org/vlc/ticket/9807#comment:2", "https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html", "https://bugs.links2linux.org/browse/PM-108"], "cvelist": ["CVE-2013-3565"], "type": "nessus", "lastseen": "2021-01-20T12:27:25", "edition": 19, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-3565"]}, {"type": "nessus", "idList": ["VLC_2_0_7.NASL"]}], "modified": "2021-01-20T12:27:25", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2021-01-20T12:27:25", "rev": 2}, "vulnersScore": 5.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-178.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75273);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-3565\");\n\n script_name(english:\"openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)\");\n script_summary(english:\"Check for the openSUSE-2014-178 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"VLC was updated to version 2.1.3 (bnc#864422) :\n\n + Core :\n\n - Fix broken behaviour with SOCKSv5 proxies\n\n - Fix integer overflow on error when using vlc_readdir\n\n + Access :\n\n - Fix DVB-T2 tuning on Linux.\n\n - Fix encrypted DVD playback.\n\n - Fix v4l2 frequency conversion.\n\n + Decoders :\n\n - Fix numerous issues (M2TS, VC1 interlaced, Lagarith,\n FFv1.3, Xvid) by updating codec libraries.\n\n - Bring fluidsynth back on Mac OS X\n\n - Fix some Opus crashes with some filters\n\n - Fix teletext crash on Windows\n\n + Demuxers :\n\n - Avoid an infinite recursion in MKV tags parsing\n\n - Fix an issue with some Vobsub tracks\n\n - Fix missing samples at the end of some wav files\n\n - Fix divide by 0 on ASF/WMV parsing\n\n + Audio output :\n\n - Fix audio device selection via command line on Mac OS X\n\n - Fix audio crashes on Mac OS X\n\n + Video Output :\n\n - Fix selection of DirectDraw as the default output for XP\n\n - Fix transform off-by-one issue\n\n - Fix screensaver disabling on Windows outputs\n\n - Fix DirectDraw device enumeration and multi-display\n output\n\n - Fix a potential crash when playing a fullscreen game at\n the same time as VLC\n\n + Stream output :\n\n - Fix 24bits audio MTU alignment in RTP\n\n - Fix record file names\n\n + Qt interface :\n\n - Fix minimal size possible on start\n\n - Fix a crash with the simple volume widget\n\n - Fix a crash in the audio menu building\n\n - Fix multimedia keys issues on Windows\n\n - Fix opening of DVD and BD folders on Windows\n\n + HTTP interface: Fix album art display on Windows.\n\n + Updated translations.\n\n - Add update-desktop-files BuildRequires and\n %desktop_database_post/postun calls to respective\n scriptlets: Fix\n https://bugs.links2linux.org/browse/PM-108\n\n - Update to version 2.1.2 :\n\n + Audio output :\n\n - Fix digital playback on OS X when more than one audio\n device is installed.\n\n - Fix digital playback (SPDIF/HDMI) on Windows.\n\n - Fix stuttering or silent playback when using sound\n enhancers or external audio devices on OS X.\n\n - Improve responsiveness on OS X when playback starts or\n is being paused.\n\n - Improve responsiveness, silent playback intervals and\n reliability on iOS.\n\n + Demuxers :\n\n - Fix Vimeo and DailyMotion parsing.\n\n - Various WMV playback improvements and fixes.\n\n + Decoders :\n\n - Fix LPCM 20/24-bit decoding and 16 bits with channel\n padding.\n\n - Fix playback of some HEVC samples.\n\n + Video filters: Fix crash on deinterlace selection.\n\n + Qt interface :\n\n - Fix some streaming profiles when copy existed.\n\n - Improve A-B loop control.\n\n - Fix album art update when changing media.\n\n + Mac OS X interface adjustments.\n\n + Win32 installer: Kill running VLC process on\n uninstall/update.\n\n + Updated translations.\n\n - More features (by adding BuildRequires) :\n\n + IDN Support (International Domain Names): libidn-devel\n\n + SFTP Access: libssh2-devel\n\n + HotKey Support: xcb-util-keysyms-devel\n\n + Complete SDL Stack: SDL_image-devel\n\n + ProjectM suppor (for openSUSE >= 12.3)\n\n - Update to version 2.1.1 :\n\n + Core :\n\n - Fix random and reshuffling behaviour.\n\n - Fix recording.\n\n - Fix some subtitles track selection.\n\n + Decoders :\n\n - VP9 support in WebM.\n\n - HEVC/H.265 support in MKV, MP4 and raw files.\n\n - Fix GPU decoding under Windows (DxVA2) crashes.\n\n + Demuxers :\n\n - Fix crashes on wav, mlp and mkv and modplug files.\n\n - Support Speex in ogg files.\n\n - Fix some .mov playlists support.\n\n - Support Alac in mkv.\n\n - Fix WMV3 and palette in AVI.\n\n - Fix FLAC packetizer issues in some files.\n\n + Access :\n\n - Fix DVB options parsing.\n\n - Fix DeckLink HDMI input.\n\n - Fix HTTPS connectivity on OS X by loading root\n certificates from Keychain.\n\n + Audio output :\n\n - Fixes for DirectSound pass-through.\n\n - Fixes for OSS output, notably on BSD.\n\n + Interfaces :\n\n - Fix HTTP interface infinite loop.\n\n - Fix D-Bus volume setting.\n\n + Qt :\n\n - Reinstore right click subtitle menu to open a subtitle.\n\n - Fix saving the hotkeys in preferences.\n\n - Fix saving the audio volume on Win32, using DirectSound.\n\n - Fix play after drag'n drop.\n\n - Fix streaming options edition and scale parameter.\n\n + Stream out :\n\n - Fix transcoding audio drift issues.\n\n - Fix numerous audio encoding issues.\n\n + Win32 installer :\n\n - Important rewrite to fix numerous bugs, notably about\n updates.\n\n - Simplification of the upgrade mechanism.\n\n + Mac OS X interface :\n\n - Reintroduce the language selector known from pre-2.1\n releases.\n\n - Fix fullscreen behaviour and various crashes.\n\n - Fix about dialog crash in Japanese.\n\n - Fix crashes on proxy lookups.\n\n - Fixes on the playlist and information behaviours.\n\n - Fixes on the streaming dialogs.\n\n - Improves interface resizings.\n\n + Updated translations.\n\n - Pass --with-default-font=[path] and\n\n --with-default-monospace-font=[path] to configure.\n\n - Drop fix_font_path.patch: replaced with configure\n parameters above.\n\n - Recommend 'vlc' by vlc-qt: some users might go\n installing the UI package directly. Having Qt most\n likely also means the user has X, so we at least\n recommend the vlc package relying on X.\n\n - Force creation of plugins cache in vlc-nox %post,\n instead of just touching the file, for details see\n https://trac.videolan.org/vlc/ticket/9807#comment:2\n\n - Update License: A lot has been relicensed to LGPL-2.1.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.links2linux.org/browse/PM-108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://trac.videolan.org/vlc/ticket/9807#comment:2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vlc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlc5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlc5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlccore7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlccore7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvlc5-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvlc5-debuginfo-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvlccore7-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libvlccore7-debuginfo-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-debuginfo-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-debugsource-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-devel-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-gnome-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-gnome-debuginfo-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-noX-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-noX-debuginfo-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-noX-lang-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-qt-2.1.3-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vlc-qt-debuginfo-2.1.3-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vlc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75273", "cpe": ["p-cpe:/a:novell:opensuse:vlc-qt", "p-cpe:/a:novell:opensuse:vlc-debugsource", "p-cpe:/a:novell:opensuse:vlc-noX-debuginfo", "p-cpe:/a:novell:opensuse:vlc-gnome", "p-cpe:/a:novell:opensuse:libvlc5", "p-cpe:/a:novell:opensuse:vlc-qt-debuginfo", "p-cpe:/a:novell:opensuse:libvlccore7", "p-cpe:/a:novell:opensuse:vlc-noX", "p-cpe:/a:novell:opensuse:vlc-noX-lang", "p-cpe:/a:novell:opensuse:libvlccore7-debuginfo", "p-cpe:/a:novell:opensuse:vlc-debuginfo", "p-cpe:/a:novell:opensuse:vlc-devel", "p-cpe:/a:novell:opensuse:libvlc5-debuginfo", "p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:vlc"], "scheme": null, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}

{"cve": [{"lastseen": "2021-02-02T06:06:54", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-01-31T22:15:00", "title": "CVE-2013-3565", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3565"], "modified": "2020-02-03T21:53:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1"], "id": "CVE-2013-3565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3565", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-03-01T07:46:28", "description": "The version of VLC media player installed on the remote host is earlier\nthan 2.0.7 and is, therefore, affected by the following vulnerabilities:\n\n - The web interface contains a flaw that does not validate\n input passed via XML services resulting in a cross-site\n scripting vulnerability.\n\n - A flaw exists in the XML services of the web interface\n that may allow a remote attacker to execute media player\n commands.\n\n - A flaw exists that could lead to a denial of service / \n memory consumption when loading a malicious playlist.", "edition": 28, "published": "2013-07-23T00:00:00", "title": "VLC < 2.0.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3564", "CVE-2013-7340", "CVE-2013-3565"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_7.NASL", "href": "https://www.tenable.com/plugins/nessus/69015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69015);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-3564\", \"CVE-2013-3565\", \"CVE-2013-7340\");\n script_bugtraq_id(60705, 66546);\n\n script_name(english:\"VLC < 2.0.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of VLC\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VLC media player installed on the remote host is earlier\nthan 2.0.7 and is, therefore, affected by the following vulnerabilities:\n\n - The web interface contains a flaw that does not validate\n input passed via XML services resulting in a cross-site\n scripting vulnerability.\n\n - A flaw exists in the XML services of the web interface\n that may allow a remote attacker to execute media player\n commands.\n\n - A flaw exists that could lead to a denial of service / \n memory consumption when loading a malicious playlist.\");\n # http://blog.spiderlabs.com/2013/06/twsl2013-006-cross-site-scripting-vulnerability-in-coldbox.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f33883d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-007/?fid=3876&dl=1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/vlc/releases/2.0.7.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nvuln_plugins_installed = make_list();\nversion = get_kb_item_or_exit(\"SMB/VLC/Version\");\n\npath = get_kb_item_or_exit(\"SMB/VLC/File\");\npath = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\n# nb: 'version' may look like '0.9.8a'!\nif (\n version =~ \"^[01]\\.\" ||\n version =~ \"^2\\.0\\.[0-6]($|[^0-9])\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.7\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VLC\", version, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}