ID OPERA_2200.NASL Type nessus Reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
The version of Opera installed on the remote host is prior to version
22. It is, therefore, reportedly affected by multiple vulnerabilities
in the bundled version of Chromium :
Use-after-free errors exist related to
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(74362);
script_version("1.10");
script_cvs_date("Date: 2019/11/26");
script_cve_id(
"CVE-2014-1743",
"CVE-2014-1744",
"CVE-2014-1745",
"CVE-2014-1746",
"CVE-2014-1747",
"CVE-2014-1748",
"CVE-2014-1749",
"CVE-2014-3152",
"CVE-2014-3803"
);
script_bugtraq_id(67237, 67517, 67582);
script_name(english:"Opera < 22 Multiple Chromium Vulnerabilities");
script_summary(english:"Checks version number of Opera.");
script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is prior to version
22. It is, therefore, reportedly affected by multiple vulnerabilities
in the bundled version of Chromium :
- Use-after-free errors exist related to 'styles' and
'SVG' handling. (CVE-2014-1743, CVE-2014-1745)
- An integer overflow error exists related to audio
handling. (CVE-2014-1744)
- An out-of-bounds read error exists related to media
filters. (CVE-2014-1746)
- A user-input validation error exists related to
handling local MHTML files that could allow
for universal cross-site scripting (UXSS) attacks.
(CVE-2014-1747)
- An unspecified error exists related to the scrollbar
that could allow UI spoofing. (CVE-2014-1748)
- Various unspecified errors. (CVE-2014-1749)
- An integer underflow error exists related to the V8
JavaScript engine that could allow a denial of service
condition. (CVE-2014-3152)
- An error exists related to the 'Blick' 'SpeechInput'
feature that could allow click-jacking and information
disclosure. (CVE-2014-3803)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://blogs.opera.com/desktop/changelog22/");
# http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2da726ba");
script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Opera 22 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3152");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/06");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("opera_installed.nasl");
script_require_keys("SMB/Opera/Version", "SMB/Opera/Path");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("SMB/Opera/Version");
path = get_kb_item_or_exit("SMB/Opera/Path");
version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;
if (get_kb_item("SMB/Opera/supported_classic_branch")) audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
fixed_version = "22.0.1471.50";
# Check if we need to display full version info in case of Alpha/Beta/RC
major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
if (major_minor[1] == "22.0")
{
fixed_version_report = fixed_version;
version_report = version;
}
else fixed_version_report = "22.0";
if (ver_compare(ver:version, fix:fixed_version) == -1)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + version_report +
'\n Fixed version : ' + fixed_version_report +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
{"id": "OPERA_2200.NASL", "bulletinFamily": "scanner", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "description": "The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to ", "published": "2014-06-06T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/74362", "reporter": "This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba", "http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "type": "nessus", "lastseen": "2019-11-27T11:50:03", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:opera:opera_browser"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to ", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-11-01T03:13:31", "references": [{"idList": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "type": "cve"}, {"idList": ["THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A"], "type": "threatpost"}, {"idList": ["1091D2D1-CB2E-11E5-B14B-BCAEC565249C", "64F3872B-E05D-11E3-9DD4-00262D5ED8EE"], "type": "freebsd"}, {"idList": ["SECURITYVULNS:VULN:14148", "SECURITYVULNS:VULN:13748", "SECURITYVULNS:DOC:31492", "SECURITYVULNS:DOC:30793"], "type": "securityvulns"}, {"idList": ["DEBIAN:DSA-2939-1:3EA17"], "type": "debian"}, {"idList": ["GOOGLE_CHROME_35_0_1916_114.NASL", "UBUNTU_USN-2298-1.NASL", "DEBIAN_DSA-2939.NASL", "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL", "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "FEDORA_2015-6845.NASL", "FEDORA_2015-6890.NASL", "MACOSX_GOOGLE_CHROME_35_0_1916_114.NASL", "FEDORA_2015-6908.NASL", "OPENSUSE-2014-420.NASL"], "type": "nessus"}, {"idList": ["KLA10007"], "type": "kaspersky"}, {"idList": ["GLSA-201408-16"], "type": "gentoo"}, {"idList": ["USN-2937-1", "USN-2298-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310804618", "OPENVAS:1361412562310869668", "OPENVAS:1361412562310121260", "OPENVAS:1361412562310804617", "OPENVAS:1361412562310869351", "OPENVAS:1361412562310869349", "OPENVAS:1361412562310804616", "OPENVAS:702939", "OPENVAS:1361412562310841913", "OPENVAS:1361412562310702939"], "type": "openvas"}]}, "score": {"modified": "2019-11-01T03:13:31", "value": 7.7, "vector": "NONE"}}, "hash": "94ca1af0de6c96be6f83a696d99c47c81bd4385853890920ce5d25e25dc94e17", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "eebc0e5cad997220d136d9e0c6386556", "key": "reporter"}, {"hash": "8c982307dc3f619adbfbfb39f0862914", "key": "sourceData"}, {"hash": "58411527d17a4ebf71f6a036b84e30d5", "key": "pluginID"}, {"hash": "71169a7997a7f8dc2cc3007194017fd9", "key": "references"}, {"hash": "b9fcf01d84dc9c22219288ec05accf4c", "key": "href"}, {"hash": "5882127458b93e87fc0e933aac356b80", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d9f4d3a158cac64526af8aae2375e334", "key": "description"}, {"hash": "8291dd692a5d24e3b1a8247e53d155ce", "key": "title"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9", "key": "cpe"}, {"hash": "58dfaa03d3bab748a33f854ee532d136", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/74362", "id": "OPERA_2200.NASL", "lastseen": "2019-11-01T03:13:31", "modified": "2019-11-02T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "74362", "published": "2014-06-06T00:00:00", "references": ["https://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba", "http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/"], "reporter": "This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["reporter", "sourceData"], "edition": 11, "lastseen": "2019-11-01T03:13:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:opera:opera_browser"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to handling local MHTML files that could allow for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8 JavaScript engine that could allow a denial of service condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "c97401c6973ca984d840970a0e6be963b20f5a5122bd89850ece01ba48fbf2d5", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "d9c8babe1f42a1f831e2df21c82416c8", "key": "description"}, {"hash": "269429f5ba9e77b536433d4fb6ad5e60", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "58411527d17a4ebf71f6a036b84e30d5", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3487ad13e00e4e90d860294ed8b233be", "key": "modified"}, {"hash": "5882127458b93e87fc0e933aac356b80", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8291dd692a5d24e3b1a8247e53d155ce", "key": "title"}, {"hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9", "key": "cpe"}, {"hash": "2b276858a8871250229dba662d3d2a03", "key": "sourceData"}, {"hash": "c391069d2172e885550ad6d02d292633", "key": "references"}, {"hash": "58dfaa03d3bab748a33f854ee532d136", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74362", "id": "OPERA_2200.NASL", "lastseen": "2017-12-27T13:01:07", "modified": "2017-12-26T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "74362", "published": "2014-06-06T00:00:00", "references": ["http://www.opera.com/docs/changelogs/unified/2200/", "http://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2017/12/26 18:12:02 $\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n script_osvdb_id(\n 107139,\n 107140,\n 107141,\n 107142,\n 107143,\n 107144,\n 107145,\n 107165,\n 107253\n );\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.opera.com/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-12-27T13:01:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:opera:opera_browser"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:18:31", "references": [{"idList": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "type": "cve"}, {"idList": ["THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A"], "type": "threatpost"}, {"idList": ["1091D2D1-CB2E-11E5-B14B-BCAEC565249C", "64F3872B-E05D-11E3-9DD4-00262D5ED8EE"], "type": "freebsd"}, {"idList": ["SECURITYVULNS:VULN:14148", "SECURITYVULNS:VULN:13748", "SECURITYVULNS:DOC:31492", "SECURITYVULNS:DOC:30793"], "type": "securityvulns"}, {"idList": ["DEBIAN:DSA-2939-1:3EA17"], "type": "debian"}, {"idList": ["GOOGLE_CHROME_35_0_1916_114.NASL", "UBUNTU_USN-2298-1.NASL", "DEBIAN_DSA-2939.NASL", "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL", "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "FEDORA_2015-6845.NASL", "FEDORA_2015-6890.NASL", "MACOSX_GOOGLE_CHROME_35_0_1916_114.NASL", "FEDORA_2015-6908.NASL", "OPENSUSE-2014-420.NASL"], "type": "nessus"}, {"idList": ["KLA10007"], "type": "kaspersky"}, {"idList": ["GLSA-201408-16"], "type": "gentoo"}, {"idList": ["USN-2937-1", "USN-2298-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310804618", "OPENVAS:1361412562310869668", "OPENVAS:1361412562310121260", "OPENVAS:1361412562310804617", "OPENVAS:1361412562310869351", "OPENVAS:1361412562310869349", "OPENVAS:1361412562310804616", "OPENVAS:702939", "OPENVAS:1361412562310841913", "OPENVAS:1361412562310702939"], "type": "openvas"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "b6bf76981612de7c3b128bd81907c9536b439a25d1453d2c980bd431ddd92d16", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "269429f5ba9e77b536433d4fb6ad5e60", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8c982307dc3f619adbfbfb39f0862914", "key": "sourceData"}, {"hash": "58411527d17a4ebf71f6a036b84e30d5", "key": "pluginID"}, {"hash": "71169a7997a7f8dc2cc3007194017fd9", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "0885f4972da0fae44e363f8de74214a8", "key": "description"}, {"hash": "5882127458b93e87fc0e933aac356b80", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8291dd692a5d24e3b1a8247e53d155ce", "key": "title"}, {"hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9", "key": "cpe"}, {"hash": "58dfaa03d3bab748a33f854ee532d136", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74362", "id": "OPERA_2200.NASL", "lastseen": "2019-01-16T20:18:31", "modified": "2018-11-15T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "74362", "published": "2014-06-06T00:00:00", "references": ["https://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba", "http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:18:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:opera:opera_browser"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to handling local MHTML files that could allow for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8 JavaScript engine that could allow a denial of service condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 2, "enchantments": {"score": {"modified": "2017-10-29T13:39:59", "value": 8.8}}, "hash": "6cdd7ef26a19a5155720a28809d81fa7c234ae18f359ddb1e770fc878e368737", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "269b2b6abcbd7505b4f1e461473394f8", "key": "modified"}, {"hash": "d9c8babe1f42a1f831e2df21c82416c8", "key": "description"}, {"hash": "269429f5ba9e77b536433d4fb6ad5e60", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "58411527d17a4ebf71f6a036b84e30d5", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5882127458b93e87fc0e933aac356b80", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8291dd692a5d24e3b1a8247e53d155ce", "key": "title"}, {"hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9", "key": "cpe"}, {"hash": "bdd55ec1bc0968e0ae8f3f0cf6e28a04", "key": "sourceData"}, {"hash": "c391069d2172e885550ad6d02d292633", "key": "references"}, {"hash": "58dfaa03d3bab748a33f854ee532d136", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74362", "id": "OPERA_2200.NASL", "lastseen": "2017-10-29T13:39:59", "modified": "2015-02-11T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "74362", "published": "2014-06-06T00:00:00", "references": ["http://www.opera.com/docs/changelogs/unified/2200/", "http://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2015/02/11 21:07:50 $\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n script_osvdb_id(\n 107139,\n 107140,\n 107141,\n 107142,\n 107143,\n 107144,\n 107145,\n 107165,\n 107253\n );\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.opera.com/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:39:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:opera:opera_browser"], "cvelist": ["CVE-2014-1747", "CVE-2014-3152", "CVE-2014-1744", "CVE-2014-1743", "CVE-2014-1746", "CVE-2014-1749", "CVE-2014-1745", "CVE-2014-1748", "CVE-2014-3803"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The version of Opera installed on the remote host is prior to version 22. It is, therefore, reportedly affected by multiple vulnerabilities in the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to handling local MHTML files that could allow for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8 JavaScript engine that could allow a denial of service condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput' feature that could allow click-jacking and information disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "2bb50c120e8e9891d14cea6da5ca44db5537818c8f0c51467d218568eeace347", "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "d9c8babe1f42a1f831e2df21c82416c8", "key": "description"}, {"hash": "269429f5ba9e77b536433d4fb6ad5e60", "key": "href"}, {"hash": "1318cf0112a941a672e88d30b1e5dcaa", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "58411527d17a4ebf71f6a036b84e30d5", "key": "pluginID"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "5882127458b93e87fc0e933aac356b80", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4395952e0539c0ade337a4524a70675e", "key": "modified"}, {"hash": "8291dd692a5d24e3b1a8247e53d155ce", "key": "title"}, {"hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9", "key": "cpe"}, {"hash": "c391069d2172e885550ad6d02d292633", "key": "references"}, {"hash": "58dfaa03d3bab748a33f854ee532d136", "key": "cvelist"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=74362", "id": "OPERA_2200.NASL", "lastseen": "2018-07-18T14:02:04", "modified": "2018-07-16T00:00:00", "naslFamily": "Windows", "objectVersion": "1.3", "pluginID": "74362", "published": "2014-06-06T00:00:00", "references": ["http://www.opera.com/docs/changelogs/unified/2200/", "http://blogs.opera.com/desktop/changelog22/", "http://www.nessus.org/u?2da726ba"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/16 14:09:15\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.opera.com/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "title": "Opera < 22 Multiple Chromium Vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-18T14:02:04"}], "edition": 12, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "a4e3eaa4d79c4dd22c2f5cb51f217cb9"}, {"key": "cvelist", "hash": "58dfaa03d3bab748a33f854ee532d136"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "d9f4d3a158cac64526af8aae2375e334"}, {"key": "href", "hash": "b9fcf01d84dc9c22219288ec05accf4c"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "aea23489ce3aa9b6406ebb28e0cda430"}, {"key": "pluginID", "hash": "58411527d17a4ebf71f6a036b84e30d5"}, {"key": "published", "hash": "5882127458b93e87fc0e933aac356b80"}, {"key": "references", "hash": "71169a7997a7f8dc2cc3007194017fd9"}, {"key": "reporter", "hash": "0fb1014b4614192eebbaf69393c57e18"}, {"key": "sourceData", "hash": "00f1f6beae24d7e43d997a0af5caae60"}, {"key": "title", "hash": "8291dd692a5d24e3b1a8247e53d155ce"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "cd40ba2181020e900a6ff79e44820db32304bc71fc8b20380ab1aa65b8d44367", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310804617", "OPENVAS:1361412562310804616", "OPENVAS:1361412562310804618", "OPENVAS:702939", "OPENVAS:1361412562310702939", "OPENVAS:1361412562310841913", "OPENVAS:1361412562310869668", "OPENVAS:1361412562310869351", "OPENVAS:1361412562310869349", "OPENVAS:1361412562310121260"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_35_0_1916_114.NASL", "GOOGLE_CHROME_35_0_1916_114.NASL", "DEBIAN_DSA-2939.NASL", "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "OPENSUSE-2014-420.NASL", "UBUNTU_USN-2298-1.NASL", "FEDORA_2015-6908.NASL", "FEDORA_2015-6845.NASL", "FEDORA_2015-6890.NASL", "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL"]}, {"type": "kaspersky", "idList": ["KLA10007"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2939-1:3EA17"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30793", "SECURITYVULNS:VULN:13748", "SECURITYVULNS:DOC:31492", "SECURITYVULNS:VULN:14148"]}, {"type": "freebsd", "idList": ["64F3872B-E05D-11E3-9DD4-00262D5ED8EE", "1091D2D1-CB2E-11E5-B14B-BCAEC565249C"]}, {"type": "threatpost", "idList": ["THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A"]}, {"type": "cve", "idList": ["CVE-2014-3803", "CVE-2014-1749", "CVE-2014-1744", "CVE-2014-3152", "CVE-2014-1743", "CVE-2014-1747", "CVE-2014-1746", "CVE-2014-1745", "CVE-2014-1748"]}, {"type": "ubuntu", "idList": ["USN-2298-1", "USN-2937-1"]}, {"type": "gentoo", "idList": ["GLSA-201408-16"]}], "modified": "2019-11-27T11:50:03"}, "score": {"value": 7.7, "vector": "NONE", "modified": "2019-11-27T11:50:03"}, "vulnersScore": 7.7}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74362);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67237, 67517, 67582);\n\n script_name(english:\"Opera < 22 Multiple Chromium Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is prior to version\n22. It is, therefore, reportedly affected by multiple vulnerabilities\nin the bundled version of Chromium :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files that could allow\n for universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine that could allow a denial of service\n condition. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://blogs.opera.com/desktop/changelog22/\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170922104144/http://www.opera.com:80/docs/changelogs/unified/2200/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 22 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3152\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\", \"SMB/Opera/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Opera/Version\");\npath = get_kb_item_or_exit(\"SMB/Opera/Path\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (get_kb_item(\"SMB/Opera/supported_classic_branch\")) audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n\nfixed_version = \"22.0.1471.50\";\n\n# Check if we need to display full version info in case of Alpha/Beta/RC\nmajor_minor = eregmatch(string:version, pattern:\"^([0-9]+\\.[0-9]+)\");\nif (major_minor[1] == \"22.0\")\n{\n fixed_version_report = fixed_version;\n version_report = version;\n}\nelse fixed_version_report = \"22.0\";\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fixed_version_report +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Opera\", version_report, path);\n", "naslFamily": "Windows", "pluginID": "74362", "cpe": ["cpe:/a:opera:opera_browser"], "scheme": null}
{"openvas": [{"lastseen": "2019-07-19T22:14:15", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804617", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804617\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 10:20:11 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:46", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804618", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804618\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 10:20:11 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Linux.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:14:44", "bulletinFamily": "scanner", "description": "The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-06-04T00:00:00", "id": "OPENVAS:1361412562310804616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804616", "title": "Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804616\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\",\n \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\",\n \"CVE-2014-3803\");\n script_bugtraq_id(67790, 67517, 67582);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-06-04 09:39:42 +0530 (Wed, 04 Jun 2014)\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 01 June14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - A use-after-free error exists in 'StyleElement::removedFromDocument' function\nwithin core/dom/StyleElement.cpp.\n\n - An integer overflow error exists in 'AudioInputRendererHost::OnCreateStream'\nfunction in media/audio_input_renderer_host.cc.\n\n - A use-after-free error exists within SVG.\n\n - An error within media filters in 'InMemoryUrlProtocol::Read'.\n\n - An error in 'DocumentLoader::maybeCreateArchive' function related to a local\nMHTML file.\n\n - An error in 'ScrollView::paint' function related to scroll bars.\n\n - Multiple unspecified errors exist.\n\n - An integer overflow error in 'LCodeGen::PrepareKeyedOperand' function in\narm/lithium-codegen-arm.cc within v8.\n\n - Some error in speech API within Blink.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct a denial of\nservice, inject arbitrary web script or HTML, spoof the UI, enable microphone\naccess and obtain speech-recognition text and possibly have other unspecified\nimpact.\");\n script_tag(name:\"affected\", value:\"Google Chrome version prior to 35.0.1916.114 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2014/05/stable-channel-update_20.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"35.0.1916.114\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-31T10:49:04", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744 \nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745 \nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation. \n\nCVE-2014-1746 \nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747 \npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748 \nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749 \nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152 \nAn integer underflow issue was discovered in the v8 javascript\nlibrary.", "modified": "2017-07-14T00:00:00", "published": "2014-05-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702939", "id": "OPENVAS:702939", "title": "Debian Security Advisory DSA 2939-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2939.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 2939-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"chromium-browser on Debian Linux\";\ntag_insight = \"Chromium is an open-source browser project that aims to build a safer, faster,\nand more stable way for all Internet users to experience the web.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\";\ntag_summary = \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743 \ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744 \nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745 \nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation. \n\nCVE-2014-1746 \nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747 \npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748 \nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749 \nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152 \nAn integer underflow issue was discovered in the v8 javascript\nlibrary.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702939);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_name(\"Debian Security Advisory DSA 2939-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-31 00:00:00 +0200 (Sat, 31 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2939.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744\nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745\nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation.\n\nCVE-2014-1746\nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747\npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748\nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152\nAn integer underflow issue was discovered in the v8 javascript\nlibrary.", "modified": "2019-03-19T00:00:00", "published": "2014-05-31T00:00:00", "id": "OPENVAS:1361412562310702939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702939", "title": "Debian Security Advisory DSA 2939-1 (chromium-browser - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2939.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2939-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702939\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_name(\"Debian Security Advisory DSA 2939-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-31 00:00:00 +0200 (Sat, 31 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2939.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\ncloudfuzzer discovered a use-after-free issue in the Blink/Webkit\ndocument object model implementation.\n\nCVE-2014-1744\nAaron Staple discovered an integer overflow issue in audio input\nhandling.\n\nCVE-2014-1745\nAtte Kettunen discovered a use-after-free issue in the Blink/Webkit\nscalable vector graphics implementation.\n\nCVE-2014-1746\nHolger Fuhrmannek discovered an out-of-bounds read issue in the URL\nprotocol implementation for handling media.\n\nCVE-2014-1747\npackagesu discovered a cross-site scripting issue involving\nmalformed MHTML files.\n\nCVE-2014-1748\nJordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\nThe Google Chrome development team discovered and fixed multiple\nissues with potential security impact.\n\nCVE-2014-3152\nAn integer underflow issue was discovered in the v8 javascript\nlibrary.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-browser-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"35.0.1916.114-1~deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-07-28T00:00:00", "id": "OPENVAS:1361412562310841913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841913", "title": "Ubuntu Update for oxide-qt USN-2298-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2298_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for oxide-qt USN-2298-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841913\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-28 16:39:33 +0530 (Mon, 28 Jul 2014)\");\n script_cve_id(\"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1735\", \"CVE-2014-3162\",\n \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\",\n \"CVE-2014-1744\", \"CVE-2014-1746\", \"CVE-2014-1748\", \"CVE-2014-3152\",\n \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3157\", \"CVE-2014-3160\",\n \"CVE-2014-3803\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_name(\"Ubuntu Update for oxide-qt USN-2298-1\");\n\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"A type confusion bug was discovered in V8. If a user were\ntricked in to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer crash, or execute arbitrary\ncode with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in\nChromium. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service via\napplication crash or execute arbitrary code with the privileges of the\nuser invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via renderer crash or execute arbitrary code with the privileges\nof the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via renderer crash\nor execute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user invoking\nthe program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked\nin to opening a specially crafter website, an attacker could potentially\nexploit this to cause a denial of service via application crash.\n(CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to\nthe parent frame in some circumstances. An attacker could potentially\nexploit ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2298-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2298-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.0.4-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-07-07T00:00:00", "id": "OPENVAS:1361412562310869668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869668", "title": "Fedora Update for v8 FEDORA-2015-6890", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2015-6890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869668\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-07 06:33:04 +0200 (Tue, 07 Jul 2015)\");\n script_cve_id(\"CVE-2014-3152\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for v8 FEDORA-2015-6890\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"v8 on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6890\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~18.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-09T00:00:00", "id": "OPENVAS:1361412562310869351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869351", "title": "Fedora Update for v8 FEDORA-2015-6845", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2015-6845\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869351\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-09 05:52:24 +0200 (Sat, 09 May 2015)\");\n script_cve_id(\"CVE-2014-3152\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for v8 FEDORA-2015-6845\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"v8 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6845\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~18.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-05-09T00:00:00", "id": "OPENVAS:1361412562310869349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869349", "title": "Fedora Update for v8 FEDORA-2015-6908", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for v8 FEDORA-2015-6908\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869349\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-09 05:52:17 +0200 (Sat, 09 May 2015)\");\n script_cve_id(\"CVE-2014-3152\", \"CVE-2013-6668\", \"CVE-2014-1704\", \"CVE-2013-6640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for v8 FEDORA-2015-6908\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'v8'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"v8 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6908\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"v8\", rpm:\"v8~3.14.5.10~18.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201408-16", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121260", "title": "Gentoo Security Advisory GLSA 201408-16", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201408-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121260\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:47 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201408-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201408-16\");\n script_cve_id(\"CVE-2014-1741\", \"CVE-2014-0538\", \"CVE-2014-1700\", \"CVE-2014-1701\", \"CVE-2014-1702\", \"CVE-2014-1703\", \"CVE-2014-1704\", \"CVE-2014-1705\", \"CVE-2014-1713\", \"CVE-2014-1714\", \"CVE-2014-1715\", \"CVE-2014-1716\", \"CVE-2014-1717\", \"CVE-2014-1718\", \"CVE-2014-1719\", \"CVE-2014-1720\", \"CVE-2014-1721\", \"CVE-2014-1722\", \"CVE-2014-1723\", \"CVE-2014-1724\", \"CVE-2014-1725\", \"CVE-2014-1726\", \"CVE-2014-1727\", \"CVE-2014-1728\", \"CVE-2014-1729\", \"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1732\", \"CVE-2014-1733\", \"CVE-2014-1734\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3156\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3165\", \"CVE-2014-3166\", \"CVE-2014-3167\", \"CVE-2014-3168\", \"CVE-2014-3169\", \"CVE-2014-3170\", \"CVE-2014-3171\", \"CVE-2014-3172\", \"CVE-2014-3173\", \"CVE-2014-3174\", \"CVE-2014-3175\", \"CVE-2014-3176\", \"CVE-2014-3177\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201408-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 37.0.2062.94\"), vulnerable: make_list(\"lt 37.0.2062.94\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-27T11:12:06", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 35.0.1916.114. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to ", "modified": "2019-11-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_35_0_1916_114.NASL", "href": "https://www.tenable.com/plugins/nessus/74123", "published": "2014-05-21T00:00:00", "title": "Google Chrome < 35.0.1916.114 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74123);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67517, 67582);\n\n script_name(english:\"Google Chrome < 35.0.1916.114 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 35.0.1916.114. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files. (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine. (CVE-2014-3152)\n\n - An error exists related to the 'Blink' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3152\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'35.0.1916.114', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-27T10:58:24", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 35.0.1916.114. It is, therefore, affected by the following\nvulnerabilities :\n\n - Use-after-free errors exist related to ", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_35_0_1916_114.NASL", "href": "https://www.tenable.com/plugins/nessus/74122", "published": "2014-05-21T00:00:00", "title": "Google Chrome < 35.0.1916.114 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74122);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-1743\",\n \"CVE-2014-1744\",\n \"CVE-2014-1745\",\n \"CVE-2014-1746\",\n \"CVE-2014-1747\",\n \"CVE-2014-1748\",\n \"CVE-2014-1749\",\n \"CVE-2014-3152\",\n \"CVE-2014-3803\"\n );\n script_bugtraq_id(67517, 67582);\n\n script_name(english:\"Google Chrome < 35.0.1916.114 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 35.0.1916.114. It is, therefore, affected by the following\nvulnerabilities :\n\n - Use-after-free errors exist related to 'styles' and\n 'SVG' handling. (CVE-2014-1743, CVE-2014-1745)\n\n - An integer overflow error exists related to audio\n handling. (CVE-2014-1744)\n\n - An out-of-bounds read error exists related to media\n filters. (CVE-2014-1746)\n\n - A user-input validation error exists related to\n handling local MHTML files. (CVE-2014-1747)\n\n - An unspecified error exists related to the scrollbar\n that could allow UI spoofing. (CVE-2014-1748)\n\n - Various unspecified errors. (CVE-2014-1749)\n\n - An integer underflow error exists related to the V8\n JavaScript engine. (CVE-2014-3152)\n\n - An error exists related to the 'Blick' 'SpeechInput'\n feature that could allow click-jacking and information\n disclosure. (CVE-2014-3803)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2da726ba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 35.0.1916.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-3152\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'35.0.1916.114', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:38:21", "bulletinFamily": "scanner", "description": "Google Chrome Releases reports :\n\n23 security fixes in this release, including :\n\n- [356653] High CVE-2014-1743: Use-after-free in styles. Credit to\ncloudfuzzer.\n\n- [359454] High CVE-2014-1744: Integer overflow in audio. Credit to\nAaron Staple.\n\n- [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters.\nCredit to Holger Fuhrmannek.\n\n- [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to\npackagesu.\n\n- [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to\nJordan Milne.\n\n- [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- [358057] CVE-2014-3152: Integer underflow in V8 fixed in version\n3.25.28.16.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_64F3872BE05D11E39DD400262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/74114", "published": "2014-05-21T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74114);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/06/14 00:01:14 $\");\n\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n23 security fixes in this release, including :\n\n- [356653] High CVE-2014-1743: Use-after-free in styles. Credit to\ncloudfuzzer.\n\n- [359454] High CVE-2014-1744: Integer overflow in audio. Credit to\nAaron Staple.\n\n- [346192] High CVE-2014-1745: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [364065] Medium CVE-2014-1746: Out-of-bounds read in media filters.\nCredit to Holger Fuhrmannek.\n\n- [330663] Medium CVE-2014-1747: UXSS with local MHTML file. Credit to\npackagesu.\n\n- [331168] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to\nJordan Milne.\n\n- [374649] CVE-2014-1749: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- [358057] CVE-2014-3152: Integer underflow in V8 fixed in version\n3.25.28.16.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/64f3872b-e05d-11e3-9dd4-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f712737\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<35.0.1916.114\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:21:17", "bulletinFamily": "scanner", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1743\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit document object model implementation.\n\n - CVE-2014-1744\n Aaron Staple discovered an integer overflow issue in\n audio input handling.\n\n - CVE-2014-1745\n Atte Kettunen discovered a use-after-free issue in the\n Blink/Webkit scalable vector graphics implementation. \n\n - CVE-2014-1746\n Holger Fuhrmannek discovered an out-of-bounds read issue\n in the URL protocol implementation for handling media.\n\n - CVE-2014-1747\n packagesu discovered a cross-site scripting issue\n involving malformed MHTML files.\n\n - CVE-2014-1748\n Jordan Milne discovered a user interface spoofing issue.\n\n - CVE-2014-1749\n The Google Chrome development team discovered and fixed\n multiple issues with potential security impact.\n\n - CVE-2014-3152\n An integer underflow issue was discovered in the v8\n JavaScript library.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2939.NASL", "href": "https://www.tenable.com/plugins/nessus/74256", "published": "2014-06-02T00:00:00", "title": "Debian DSA-2939-1 : chromium-browser - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2939. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74256);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:36\");\n\n script_cve_id(\"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_bugtraq_id(67517);\n script_xref(name:\"DSA\", value:\"2939\");\n\n script_name(english:\"Debian DSA-2939-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2014-1743\n cloudfuzzer discovered a use-after-free issue in the\n Blink/Webkit document object model implementation.\n\n - CVE-2014-1744\n Aaron Staple discovered an integer overflow issue in\n audio input handling.\n\n - CVE-2014-1745\n Atte Kettunen discovered a use-after-free issue in the\n Blink/Webkit scalable vector graphics implementation. \n\n - CVE-2014-1746\n Holger Fuhrmannek discovered an out-of-bounds read issue\n in the URL protocol implementation for handling media.\n\n - CVE-2014-1747\n packagesu discovered a cross-site scripting issue\n involving malformed MHTML files.\n\n - CVE-2014-1748\n Jordan Milne discovered a user interface spoofing issue.\n\n - CVE-2014-1749\n The Google Chrome development team discovered and fixed\n multiple issues with potential security impact.\n\n - CVE-2014-3152\n An integer underflow issue was discovered in the v8\n JavaScript library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-1749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-3152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 35.0.1916.114-1~deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"chromium\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-dbg\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-inspector\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-browser-l10n\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-dbg\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-inspector\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"chromium-l10n\", reference:\"35.0.1916.114-1~deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T03:00:41", "bulletinFamily": "scanner", "description": "chromium was updated to version 35.0.1916.114 to fix various security\nissues. Security fixes :\n\n - CVE-2014-1743: Use-after-free in styles\n\n - CVE-2014-1744: Integer overflow in audio\n\n - CVE-2014-1745: Use-after-free in SVG\n\n - CVE-2014-1746: Out-of-bounds read in media filters\n\n - CVE-2014-1747: UXSS with local MHTML file\n\n - CVE-2014-1748: UI spoofing with scrollbar\n\n - CVE-2014-1749: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2014-3152: Integer underflow in V8 fixed\n\n - CVE-2014-1740: Use-after-free in WebSockets\n\n - CVE-2014-1741: Integer overflow in DOM range\n\n - CVE-2014-1742: Use-after-free in editing and 17 more for\n which no detailed information is given.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-420.NASL", "href": "https://www.tenable.com/plugins/nessus/75387", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-420.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75387);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1745\", \"CVE-2014-1746\", \"CVE-2014-1747\", \"CVE-2014-1748\", \"CVE-2014-1749\", \"CVE-2014-3152\");\n script_bugtraq_id(67374, 67375, 67376, 67517, 71464);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2014:0783-1)\");\n script_summary(english:\"Check for the openSUSE-2014-420 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"chromium was updated to version 35.0.1916.114 to fix various security\nissues. Security fixes :\n\n - CVE-2014-1743: Use-after-free in styles\n\n - CVE-2014-1744: Integer overflow in audio\n\n - CVE-2014-1745: Use-after-free in SVG\n\n - CVE-2014-1746: Out-of-bounds read in media filters\n\n - CVE-2014-1747: UXSS with local MHTML file\n\n - CVE-2014-1748: UI spoofing with scrollbar\n\n - CVE-2014-1749: Various fixes from internal audits,\n fuzzing and other initiatives\n\n - CVE-2014-3152: Integer underflow in V8 fixed\n\n - CVE-2014-1740: Use-after-free in WebSockets\n\n - CVE-2014-1741: Integer overflow in DOM range\n\n - CVE-2014-1742: Use-after-free in editing and 17 more for\n which no detailed information is given.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ninja-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromedriver-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-debugsource-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-gnome-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-desktop-kde-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-ffmpegsumo-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"chromium-suid-helper-debuginfo-35.0.1916.114-1.45.4\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-debuginfo-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ninja-debugsource-3.0+git.20130603.0f53fd3-2.6.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-35.0.1916.114-37.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-suid-helper-debuginfo-35.0.1916.114-37.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:30:52", "bulletinFamily": "scanner", "description": "A type confusion bug was discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered\nin Chromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1735,\nCVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were\ntricked in to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in\nto the parent frame in some circumstances. An attacker could\npotentially exploit this to conduct clickjacking attacks via UI\nredress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked\nin to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for\nsubresource loading in SVG images. If a user opened a site that\nembedded a specially crafted image, an attacker could exploit this to\nlog page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be\nactivated without consent or any visible indication. If a user were\ntricked in to opening a specially crafted website, an attacker could\nexploit this to eavesdrop on the user. (CVE-2014-3803).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-2298-1.NASL", "href": "https://www.tenable.com/plugins/nessus/76756", "published": "2014-07-24T00:00:00", "title": "Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2298-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76756);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:30\");\n\n script_cve_id(\"CVE-2014-1730\", \"CVE-2014-1731\", \"CVE-2014-1735\", \"CVE-2014-1740\", \"CVE-2014-1741\", \"CVE-2014-1742\", \"CVE-2014-1743\", \"CVE-2014-1744\", \"CVE-2014-1746\", \"CVE-2014-1748\", \"CVE-2014-3152\", \"CVE-2014-3154\", \"CVE-2014-3155\", \"CVE-2014-3157\", \"CVE-2014-3160\", \"CVE-2014-3162\", \"CVE-2014-3803\");\n script_bugtraq_id(67082, 67374, 67375, 67376, 67517, 67572, 67582, 67972, 67977, 67980, 68677);\n script_xref(name:\"USN\", value:\"2298-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A type confusion bug was discovered in V8. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered\nin Chromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2014-1735,\nCVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via application crash or execute arbitrary code\nwith the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData\nimplementation. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit these to cause\na denial of service via renderer crash or execute arbitrary code with\nthe privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit these to cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were\ntricked in to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in\nto the parent frame in some circumstances. An attacker could\npotentially exploit this to conduct clickjacking attacks via UI\nredress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked\nin to opening a specially crafter website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An\nattacker could potentially exploit this to cause a denial of service\nvia application crash or execute arbitrary code with the privileges of\nthe user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash or\nexecute arbitrary code with the privileges of the sandboxed render\nprocess. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for\nsubresource loading in SVG images. If a user opened a site that\nembedded a specially crafted image, an attacker could exploit this to\nlog page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be\nactivated without consent or any visible indication. If a user were\ntricked in to opening a specially crafted website, an attacker could\nexploit this to eavesdrop on the user. (CVE-2014-3803).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2298-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected liboxideqtcore0, oxideqt-codecs and / or\noxideqt-codecs-extra packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"oxideqt-codecs-extra\", pkgver:\"1.0.4-0ubuntu0.14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0 / oxideqt-codecs / oxideqt-codecs-extra\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-11-01T02:27:23", "bulletinFamily": "scanner", "description": "Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-6908.NASL", "href": "https://www.tenable.com/plugins/nessus/83320", "published": "2015-05-11T00:00:00", "title": "Fedora 20 : v8-3.14.5.10-18.fc20 (2015-6908)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6908.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83320);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:52 $\");\n\n script_cve_id(\"CVE-2014-3152\");\n script_xref(name:\"FEDORA\", value:\"2015-6908\");\n\n script_name(english:\"Fedora 20 : v8-3.14.5.10-18.fc20 (2015-6908)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1101056\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f1a5b9e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"v8-3.14.5.10-18.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:23", "bulletinFamily": "scanner", "description": "Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-6845.NASL", "href": "https://www.tenable.com/plugins/nessus/83316", "published": "2015-05-11T00:00:00", "title": "Fedora 21 : v8-3.14.5.10-18.fc21 (2015-6845)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6845.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83316);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:52 $\");\n\n script_cve_id(\"CVE-2014-3152\");\n script_xref(name:\"FEDORA\", value:\"2015-6845\");\n\n script_name(english:\"Fedora 21 : v8-3.14.5.10-18.fc21 (2015-6845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1101056\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5222f135\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"v8-3.14.5.10-18.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:27:23", "bulletinFamily": "scanner", "description": "Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2015-6890.NASL", "href": "https://www.tenable.com/plugins/nessus/83318", "published": "2015-05-11T00:00:00", "title": "Fedora 22 : v8-3.14.5.10-18.fc22 (2015-6890)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-6890.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83318);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:14:52 $\");\n\n script_cve_id(\"CVE-2014-3152\");\n script_xref(name:\"FEDORA\", value:\"2015-6890\");\n\n script_name(english:\"Fedora 22 : v8-3.14.5.10-18.fc22 (2015-6890)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for ARM-only CVE-2014-3152\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1101056\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2262bde\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected v8 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"v8-3.14.5.10-18.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"v8\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:37:01", "bulletinFamily": "scanner", "description": "webkit reports :\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp in\nBlink, as used in Google Chrome before 35.0.1916.114, allows remote\nattackers to spoof the UI by extending scrollbar painting into the\nparent frame.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_1091D2D1CB2E11E5B14BBCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/88583", "published": "2016-02-05T00:00:00", "title": "FreeBSD : webkit -- UI spoof (1091d2d1-cb2e-11e5-b14b-bcaec565249c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88583);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2014-1748\");\n\n script_name(english:\"FreeBSD : webkit -- UI spoof (1091d2d1-cb2e-11e5-b14b-bcaec565249c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"webkit reports :\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp in\nBlink, as used in Google Chrome before 35.0.1916.114, allows remote\nattackers to spoof the UI by extending scrollbar painting into the\nparent frame.\"\n );\n # http://webkitgtk.org/security/WSA-2015-0002.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2015-0002.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1091d2d1-cb2e-11e5-b14b-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d372340\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2<2.4.9_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk3<2.4.9_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:24", "bulletinFamily": "unix", "description": "\nGoogle Chrome Releases reports:\n\n23 security fixes in this release, including:\n\n[356653] High CVE-2014-1743: Use-after-free in styles. Credit\n\t to cloudfuzzer.\n[359454] High CVE-2014-1744: Integer overflow in audio. Credit\n\t to Aaron Staple.\n[346192] High CVE-2014-1745: Use-after-free in SVG. Credit to\n\t Atte Kettunen of OUSPG.\n[364065] Medium CVE-2014-1746: Out-of-bounds read in media\n\t filters. Credit to Holger Fuhrmannek.\n[330663] Medium CVE-2014-1747: UXSS with local MHTML file.\n\t Credit to packagesu.\n[331168] Medium CVE-2014-1748: UI spoofing with scrollbar.\n\t Credit to Jordan Milne.\n[374649] CVE-2014-1749: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n[358057] CVE-2014-3152: Integer underflow in V8 fixed in\n\t version 3.25.28.16.\n\n\n", "modified": "2014-05-20T00:00:00", "published": "2014-05-20T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/64f3872b-e05d-11e3-9dd4-00262d5ed8ee.html", "id": "64F3872B-E05D-11E3-9DD4-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:32:50", "bulletinFamily": "unix", "description": "\nwebkit reports:\n\nThe ScrollView::paint function in platform/scroll/ScrollView.cpp\n\t in Blink, as used in Google Chrome before 35.0.1916.114, allows\n\t remote attackers to spoof the UI by extending scrollbar painting\n\t into the parent frame.\n\n", "modified": "2015-12-28T00:00:00", "published": "2015-12-28T00:00:00", "id": "1091D2D1-CB2E-11E5-B14B-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/1091d2d1-cb2e-11e5-b14b-bcaec565249c.html", "title": "webkit -- UI spoof", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:00", "bulletinFamily": "info", "description": "### *Detect date*:\n05/20/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome 34.0.1847.137 and earlier. Malicious can use these vulnerabilities to cause denial of service, spoof UI or possibly other impact.\n\n### *Affected products*:\nGoogle Chrome 34.0.1847.137 and earlier\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Google Chrome](<https://www.google.ru/chrome/browser/>)\n\n### *Original advisories*:\n[Google chrome blog](<http://googlechromereleases.blogspot.ru/2014/05/stable-channel-update_20.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2014-1748](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748>)5.0Critical \n[CVE-2014-1747](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1747>)4.3Critical \n[CVE-2014-3152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3152>)7.5Critical \n[CVE-2014-1749](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1749>)7.5Critical \n[CVE-2014-1744](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1744>)7.5Critical \n[CVE-2014-1743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1743>)7.5Critical \n[CVE-2014-1746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1746>)5.0Critical \n[CVE-2014-1745](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1745>)7.5Critical", "modified": "2019-03-07T00:00:00", "published": "2014-05-20T00:00:00", "id": "KLA10007", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10007", "title": "\r KLA10007Multiple vulnerabilities in Google Chrome ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2939-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 31, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 \n CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2014-1743\n\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.\n\nCVE-2014-1744\n\n Aaron Staple discovered an integer overflow issue in audio input\n handling.\n\nCVE-2014-1745\n\n Atte Kettunen discovered a use-after-free issue in the Blink/Webkit\n scalable vector graphics implementation. \n\nCVE-2014-1746\n\n Holger Fuhrmannek discovered an out-of-bounds read issue in the URL\n protocol implementation for handling media.\n\nCVE-2014-1747\n\n packagesu discovered a cross-site scripting issue involving\n malformed MHTML files.\n\nCVE-2014-1748\n\n Jordan Milne discovered a user interface spoofing issue.\n\nCVE-2014-1749\n\n The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.\n\nCVE-2014-3152\n\n An integer underflow issue was discovered in the v8 javascript\n library.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.\n\nFor the testing distribution (jessie), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-05-31T07:27:26", "published": "2014-05-31T07:27:26", "id": "DEBIAN:DSA-2939-1:3EA17", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00120.html", "title": "[SECURITY] [DSA 2939-1] chromium-browser security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2939-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMay 31, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2014-1743 CVE-2014-1744 CVE-2014-1745 CVE-2014-1746 \r\n CVE-2014-1747 CVE-2014-1748 CVE-2014-1749 CVE-2014-3152\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2014-1743\r\n\r\n cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\r\n document object model implementation.\r\n\r\nCVE-2014-1744\r\n\r\n Aaron Staple discovered an integer overflow issue in audio input\r\n handling.\r\n\r\nCVE-2014-1745\r\n\r\n Atte Kettunen discovered a use-after-free issue in the Blink/Webkit\r\n scalable vector graphics implementation. \r\n\r\nCVE-2014-1746\r\n\r\n Holger Fuhrmannek discovered an out-of-bounds read issue in the URL\r\n protocol implementation for handling media.\r\n\r\nCVE-2014-1747\r\n\r\n packagesu discovered a cross-site scripting issue involving\r\n malformed MHTML files.\r\n\r\nCVE-2014-1748\r\n\r\n Jordan Milne discovered a user interface spoofing issue.\r\n\r\nCVE-2014-1749\r\n\r\n The Google Chrome development team discovered and fixed multiple\r\n issues with potential security impact.\r\n\r\nCVE-2014-3152\r\n\r\n An integer underflow issue was discovered in the v8 javascript\r\n library.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 35.0.1916.114-1~deb7u2.\r\n\r\nFor the testing distribution (jessie), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 35.0.1916.114-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJTiYO1AAoJELjWss0C1vRz2cMf/ixDiv7EKNOdYllZu0pGCtPu\r\nwQ2G+zBv3EIV4vsmXzhp4sQS2hK2U4FLtCJz8lR3tSjOYkVca4sEAdKIp7kpsVMM\r\nOONydls7xoiJGgUT5DU38SFHXtJ9svhx54ENY+1MY7+DZerfRqTWt7Hl87G2Tw0M\r\nVctpPkY6z93qlREF2RQTnuMYiBzpK5cuwqRbvbgZHODYDoDb1PnIsV+g9kIha4I+\r\nXE4zC2GAsQnf3StxEZXY+SQ/Xoqr+LDaMo1xq2mJ/8X+SERlMPEWOZXtFn4OMO51\r\nC7WO3jwSvZcHqpj/85milzUafkYb/C8URpXb6QdOape5Sga7zTVHHxP06VAcG5Rs\r\n9ZndOqPb6D8dchCBOGdM7cNZ/8vWyn01kT6XgWwySq1EsF1hA6oX9FWtteijpOpX\r\n9SxtDhQTcb/oUKjWYoc7czudBl85y9ZBUVEmh7AoOrsiMbM/TT3p71+z0zAPILV9\r\nksbn5eLgzMY4dXr2CO4FjnCztx6Nq1QSP2sWa7x/bnHHc3KFI7UirlGRpa6Ke417\r\nq0Mj2BnlQCli684dffV66jYUrr/6OamzJr8LzR1iM4/UWRkN5rmm6diSqm0CXPTn\r\nMfo/7Qe8g2gr6jKibb9ZOBy/pmwvLgnslvWpkk8LbvgrNVrizbl6zoWc7B/Gh/Z2\r\nxBXkVEwptEltAeShDBvroAnLFbBlEV6TqncF1+evJKA4c8vcbBkjQMHVJ720V4jE\r\nc9YbQGQnegOLwODHQujYYoQpu4xhBZir/Kzl3dcBLDTLTrb/+MqyGaHyNMl9XU83\r\ndYJGh05pTnvwwsOZzJz7G78ZTWkw5ocpuj6a/lQGTK6nW5XD+UScgV5c1qCxLOw7\r\nfqmYripUx7uFPf7Fz85XZNGVO+GU7rKV7M4np2MzvsGOavo3VJKBnx//vJd3CDsu\r\nR88G0rGFPzKCKjYMMkHjC+A5tls2SHH+nzUm7ZV8gknMGJX7YgvDIg4Tg8qsKLQj\r\nuktm9VDUa3whrT3AdCSjw/Fjr70S/J96ZF59s4qfZmqqNEQ0xs3gYX9is9ufNI+8\r\nfPUHv0bogLmngZjulfulmrsX/Ai5bpnSph2gG6uIks5d82iQrco9cS87/rd1hovK\r\nZNV7jJlQE6t1bB2A8JH/UZn3l+yy/guanKdGwiJOZT4UMqY/hurfZDfFKHIBejZl\r\n03D3Gxd7oGi31nO7EvXGRjLm0xw0dNN+CBzRsxrRu2WPbbWh2OWwr9UrcEF3jdqR\r\n7dBA/UVCEKloOEZuu2H3vrko1mhewy4C7aAvQS2ZWBzUp8weQ9NZl9bR8KimcsSH\r\nxM6qzuZhfH1xY+sYfROnuoyuQK4edf5rssE4jowL3CzHAiFLw8fL9//xlbZRqTw=\r\n=Tlbj\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-06-09T00:00:00", "published": "2014-06-09T00:00:00", "id": "SECURITYVULNS:DOC:30793", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30793", "title": "[SECURITY] [DSA 2939-1] chromium-browser security update", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "description": "Protection bypass, use-after-free, memory corruptions, integer overflow.", "modified": "2014-06-09T00:00:00", "published": "2014-06-09T00:00:00", "id": "SECURITYVULNS:VULN:13748", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13748", "title": "Google Chrome / Chromium multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2014-12-21T00:00:00", "published": "2014-12-21T00:00:00", "id": "SECURITYVULNS:VULN:14148", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14148", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nAPPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 \r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and\r\naddresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a website that frames malicious content may lead to\r\nUI spoofing\r\nDescription: A UI spoofing issue existed in the handling of\r\nscrollbar boundaries. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1748 : Jordan Milne\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\n\r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - https://gpgtools.org\r\n\r\niQIcBAEBCgAGBQJUfjjSAAoJEBcWfLTuOo7t1PsP/j0H8iRJiPtYVwRly6mxyDrv\r\n4Ji7sopCSNa96qcqn9jILbFTkthqaXE/vew2UdJgO5CSXqxcF50I9bUkPJyJBq4j\r\nqGEu8a54pMteNSCtox1mwzZu8tcOArc//oQhMPhqSRkEvjVv2bsJdQ9bmc1QqHhP\r\nHkJBN/HO8w5RvZ6o5PiitnOOwVOu2sEX80mI7eYKmRjl7AWMzVE6sER1boL+EyCW\r\n4F5s9610J7KjpWh2QewhhefYPootah9JCKoybTrrba+hBESYtHuRwTTkay7cgMkd\r\nJ+a4xdjngl/ySFqOH7IhnnUD8Cs5UelHk7HlwqoGTxsaRjKnWlZ+1PqtE5buN7v+\r\nSeZeYqeWwSJEeDis55dMIHuKmYl3XsAHU7405A8AW27YLh+ABrnZNctebHub3bJ8\r\nBayfF1h1AHh1UohXnz7u6o9LKavmKzy1VoUiTBKbon+4mBILuj9MlJVXxCIq/8Sl\r\nkmxKlE969d1Ij/6LeNKb/BZ9SYoEOdkgZdqO5BNNtsBgE17xm5yGuJeZyour5hSM\r\n8a9FwRf9QjKD/xodIP0VtB/c53eUe1DRJNgwXkmC4K+7nslBexmzDOxs2bG2LXOU\r\nz0aExXx0goTI5K14PRFE+hLVDOw0jNjp7K2EQAKSK9oKF1sR/tk2nqO/AduSArbe\r\nbftlUMkfPwAuqhtNajQZ\r\n=S2wI\r\n-----END PGP SIGNATURE\u2014\u2014\r\n\r\n", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "SECURITYVULNS:DOC:31492", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31492", "title": "APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:48", "bulletinFamily": "info", "description": "Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers.\n\nAmong the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn\u2019t disclose the details of all of the various security vulnerabilities, but of the eight that it listed in its advisory, those three are the most serious.\n\nThe full list of vulnerabilities patched in Chrome 35 will be published later, but here are the ones that Google has published and received bug bounties:\n\n[$3000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**356653**](<https://code.google.com/p/chromium/issues/detail?id=356653>)] **High **CVE-2014-1743: Use-after-free in styles. _Credit to cloudfuzzer._\n\n[$3000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**359454**](<https://code.google.com/p/chromium/issues/detail?id=359454>)] **High **CVE-2014-1744: Integer overflow in audio. _Credit to Aaron Staple._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**346192**](<https://code.google.com/p/chromium/issues/detail?id=346192>)] **High **CVE-2014-1745: Use-after-free in SVG. _Credit to Atte Kettunen of OUSPG._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**364065**](<https://code.google.com/p/chromium/issues/detail?id=364065>)] **Medium **CVE-2014-1746: Out-of-bounds read in media filters. _Credit to Holger Fuhrmannek._\n\n[$1000][**[**](<https://code.google.com/p/chromium/issues/detail?id=354123>)[**330663**](<https://code.google.com/p/chromium/issues/detail?id=330663>)] **Medium **CVE-2014-1747: UXSS with local MHTML file. _Credit to packagesu._\n\n[$500][[**331168**](<https://code.google.com/p/chromium/issues/detail?id=331168>)] **Medium **CVE-2014-1748: UI spoofing with scrollbar. _Credit to Jordan Milne._\n\nUsers running Chrome should upgrade as soon as possible in order to avoid attacks against these flaws.\n", "modified": "2014-05-20T18:11:21", "published": "2014-05-20T14:11:21", "id": "THREATPOST:BE295CCB6FC1FBBC4D99DAD78F09067A", "href": "https://threatpost.com/chrome-35-fixes-23-security-flaws/106188/", "type": "threatpost", "title": "Chrome 35 Fixes 23 Security Flaws", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2019-05-29T18:13:46", "bulletinFamily": "NVD", "description": "The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.", "modified": "2017-01-07T03:00:00", "id": "CVE-2014-3803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3803", "published": "2014-05-21T11:14:00", "title": "CVE-2014-3803", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1749", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1749", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1749", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1744", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1744", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:45", "bulletinFamily": "NVD", "description": "Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-3152", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3152", "published": "2014-05-21T11:14:00", "title": "CVE-2014-3152", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1743", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1743", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1746", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1746", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka \"Universal XSS (UXSS).\"", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1747", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1747", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1747", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1745", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1745", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1745", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:13:44", "bulletinFamily": "NVD", "description": "The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.", "modified": "2017-12-29T02:29:00", "id": "CVE-2014-1748", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1748", "published": "2014-05-21T11:14:00", "title": "CVE-2014-1748", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:27", "bulletinFamily": "unix", "description": "A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1730)\n\nA type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1731)\n\nMultiple security issues including memory safety bugs were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1735, CVE-2014-3162)\n\nMultiple use-after-free issues were discovered in the WebSockets implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1740)\n\nMultiple integer overflows were discovered in CharacterData implementation. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1741)\n\nMultiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-1742, CVE-2014-1743)\n\nAn integer overflow bug was discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-1744)\n\nAn out-of-bounds read was discovered in Chromium. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1746)\n\nIt was discovered that Blink allowed scrollbar painting to extend in to the parent frame in some circumstances. An attacker could potentially exploit this to conduct clickjacking attacks via UI redress. (CVE-2014-1748)\n\nAn integer underflow was discovered in Blink. If a user were tricked in to opening a specially crafter website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3152)\n\nA use-after-free was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3154)\n\nA security issue was discovered in the SPDY implementation. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-3155)\n\nA heap overflow was discovered in Chromium. If a use were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-3157)\n\nIt was discovered that Blink did not enforce security rules for subresource loading in SVG images. If a user opened a site that embedded a specially crafted image, an attacker could exploit this to log page views. (CVE-2014-3160)\n\nIt was discovered that the SpeechInput feature in Blink could be activated without consent or any visible indication. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to eavesdrop on the user. (CVE-2014-3803)", "modified": "2014-07-23T00:00:00", "published": "2014-07-23T00:00:00", "id": "USN-2298-1", "href": "https://usn.ubuntu.com/2298-1/", "title": "Oxide vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2019-05-29T19:21:48", "bulletinFamily": "unix", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.", "modified": "2016-03-21T00:00:00", "published": "2016-03-21T00:00:00", "id": "USN-2937-1", "href": "https://usn.ubuntu.com/2937-1/", "title": "WebKitGTK+ vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-37.0.2062.94\"", "modified": "2014-08-30T00:00:00", "published": "2014-08-30T00:00:00", "id": "GLSA-201408-16", "href": "https://security.gentoo.org/glsa/201408-16", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
