Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)
2013-04-02T00:00:00
ID OPENVAS:1361412562310803360 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2020-04-21T00:00:00
Description
This host is installed with Google Chrome and is prone to multiple
vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
#
# Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)
#
# Authors:
# Arun Kallavi <karun@secpod.com>
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.803360");
script_version("2020-04-21T11:03:03+0000");
script_cve_id("CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0920",
"CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924",
"CVE-2013-0925", "CVE-2013-0926");
script_bugtraq_id(58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732,
58733, 58734);
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)");
script_tag(name:"creation_date", value:"2013-04-02 12:24:45 +0530 (Tue, 02 Apr 2013)");
script_name("Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)");
script_xref(name:"URL", value:"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm");
script_xref(name:"URL", value:"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities");
script_xref(name:"URL", value:"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html");
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_category(ACT_GATHER_INFO);
script_family("General");
script_dependencies("gb_google_chrome_detect_macosx.nasl");
script_mandatory_keys("GoogleChrome/MacOSX/Version");
script_tag(name:"impact", value:"Successful exploitation will allow attackers to execute arbitrary code in
the context of the browser, bypass security restrictions, cause
denial-of-service condition or possibly have unspecified other impact.");
script_tag(name:"affected", value:"Google Chrome versions prior to 26.0.1410.43 on MAC OS X");
script_tag(name:"insight", value:"For more details about the vulnerabilities refer the reference section.");
script_tag(name:"solution", value:"Upgrade to the Google Chrome 26.0.1410.43 or later.");
script_tag(name:"summary", value:"This host is installed with Google Chrome and is prone to multiple
vulnerabilities.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
chromeVer = get_kb_item("GoogleChrome/MacOSX/Version");
if(!chromeVer){
exit(0);
}
if(version_is_less(version:chromeVer, test_version:"26.0.1410.43"))
{
report = report_fixed_ver(installed_version:chromeVer, fixed_version:"26.0.1410.43");
security_message(port: 0, data: report);
exit(0);
}
{"id": "OPENVAS:1361412562310803360", "type": "openvas", "bulletinFamily": "scanner", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "published": "2013-04-02T00:00:00", "modified": "2020-04-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803360", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities", "http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm", "http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html"], "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "lastseen": "2020-04-23T19:05:49", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "chrome", "idList": ["GCSA-2543406049002500947"]}, {"type": "cve", "idList": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-0916", "DEBIANCVE:CVE-2013-0917", "DEBIANCVE:CVE-2013-0918", "DEBIANCVE:CVE-2013-0920", "DEBIANCVE:CVE-2013-0921", "DEBIANCVE:CVE-2013-0922", "DEBIANCVE:CVE-2013-0923", "DEBIANCVE:CVE-2013-0924", "DEBIANCVE:CVE-2013-0925", "DEBIANCVE:CVE-2013-0926"]}, {"type": "freebsd", "idList": ["BDD48858-9656-11E2-A9A8-00262D5ED8EE"]}, {"type": "gentoo", "idList": ["GLSA-201309-16"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-SAFARI-CVE-2013-0926/"]}, {"type": "nessus", "idList": ["6724.PASL", "6856.PRM", "8013.PRM", "APPLE_IOS_70_CHECK.NBIN", "FREEBSD_PKG_BDD48858965611E2A9A800262D5ED8EE.NASL", "GENTOO_GLSA-201309-16.NASL", "GOOGLE_CHROME_26_0_1410_43.NASL", "MACOSX_SAFARI6_0_5.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121030", "OPENVAS:1361412562310803358", "OPENVAS:1361412562310803359", "OPENVAS:803358", "OPENVAS:803359", "OPENVAS:803360"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29465", "SECURITYVULNS:DOC:29840", "SECURITYVULNS:VULN:13127", "SECURITYVULNS:VULN:13297"]}, {"type": "threatpost", "idList": ["THREATPOST:CE70F2B6CF76B54F4B98E3C93CE55EBE"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0916", "UB:CVE-2013-0917", "UB:CVE-2013-0918", "UB:CVE-2013-0920", "UB:CVE-2013-0921", "UB:CVE-2013-0922", "UB:CVE-2013-0923", "UB:CVE-2013-0924", "UB:CVE-2013-0925", "UB:CVE-2013-0926"]}], "rev": 4}, "score": {"value": 8.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "chrome", "idList": ["GCSA-2543406049002500947"]}, {"type": "cve", "idList": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-0925"]}, {"type": "freebsd", "idList": ["BDD48858-9656-11E2-A9A8-00262D5ED8EE"]}, {"type": "gentoo", "idList": ["GLSA-201309-16"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-SAFARI-CVE-2013-0926/"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_26_0_1410_43.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:803359"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13297"]}, {"type": "threatpost", "idList": ["THREATPOST:CE70F2B6CF76B54F4B98E3C93CE55EBE"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-0920"]}]}, "exploitation": null, "vulnersScore": 8.1}, "pluginID": "1361412562310803360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803360\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\");\n script_bugtraq_id(58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732,\n 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:45 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)\");\n script_xref(name:\"URL\", value:\"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name:\"URL\", value:\"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\");\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 26.0.1410.43 on MAC OS X\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 26.0.1410.43 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"26.0.1410.43\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "naslFamily": "General", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"nessus": [{"lastseen": "2022-04-12T15:30:49", "description": "The version of Google Chrome installed on the remote host is a version prior to 26.0.1410.43 and is, therefore, affected by the following vulnerabilities :\n\n - Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. (CVE-2013-0916, CVE-2013-0920)\n\n - An out-of-bounds read error exists related to the URL loader. (CVE-2013-0917)\n\n - An unspecified error exists related to 'drag and drop' actions and the developer tools. (CVE-2013-0918)\n\n - An unspecified error exists related to website process isolation. (CVE-2013-0921)\n\n - An error exists related to HTTP basic authentication and brute-force attacks. (CVE-2013-0922)\n\n - A memory safety issue exists related to the 'USB Apps' API. (CVE-2013-0923)\n\n - A permissions error exists related to extensions API and file permissions. (CVE-2013-0924)\n\n - URLs can be leaked to extensions even if the extension does not have the 'tabs' permission. (CVE-2013-0925)\n\n - An error exists related to 'active tags' and the paste action that has unspecified impact. (CVE-2013-0926)", "cvss3": {"score": null, "vector": null}, "published": "2013-03-26T00:00:00", "type": "nessus", "title": "Google Chrome < 26.0.1410.43 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_26_0_1410_43.NASL", "href": "https://www.tenable.com/plugins/nessus/65691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65691);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2013-0916\",\n \"CVE-2013-0917\",\n \"CVE-2013-0918\",\n \"CVE-2013-0920\",\n \"CVE-2013-0921\",\n \"CVE-2013-0922\",\n \"CVE-2013-0923\",\n \"CVE-2013-0924\",\n \"CVE-2013-0925\",\n \"CVE-2013-0926\"\n );\n script_bugtraq_id(\n 58723,\n 58724,\n 58725,\n 58728,\n 58729,\n 58730,\n 58731,\n 58732,\n 58733,\n 58734\n );\n\n script_name(english:\"Google Chrome < 26.0.1410.43 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a\nversion prior to 26.0.1410.43 and is, therefore, affected by the\nfollowing vulnerabilities :\n\n - Use-after-free errors exist related to 'Web Audio' and\n the extension bookmarks API. (CVE-2013-0916,\n CVE-2013-0920)\n\n - An out-of-bounds read error exists related to the URL\n loader. (CVE-2013-0917)\n\n - An unspecified error exists related to 'drag and drop'\n actions and the developer tools. (CVE-2013-0918)\n\n - An unspecified error exists related to website process\n isolation. (CVE-2013-0921)\n\n - An error exists related to HTTP basic authentication\n and brute-force attacks. (CVE-2013-0922)\n\n - A memory safety issue exists related to the 'USB Apps'\n API. (CVE-2013-0923)\n\n - A permissions error exists related to extensions API\n and file permissions. (CVE-2013-0924)\n\n - URLs can be leaked to extensions even if the extension\n does not have the 'tabs' permission. (CVE-2013-0925)\n\n - An error exists related to 'active tags' and the paste\n action that has unspecified impact. (CVE-2013-0926)\");\n # https://chromereleases.googleblog.com/2013/03/stable-channel-update_26.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f4baa820\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 26.0.1410.43 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0925\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'26.0.1410.43', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:55:22", "description": "Google Chrome Releases reports :\n\n[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.\n\n[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).\n\n[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.\n\n[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).\n\n[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).\n\n[174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.\n\n[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute-force attempts. Credit to 't3553r'.\n\n[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).\n\n[169632] Low CVE-2013-0924: Check an extension's permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.\n\n[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.\n\n[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).", "cvss3": {"score": null, "vector": null}, "published": "2013-04-08T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (bdd48858-9656-11e2-a9a8-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_BDD48858965611E2A9A800262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/65850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65850);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (bdd48858-9656-11e2-a9a8-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to\nAtte Kettunen of OUSPG.\n\n[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit\nto Google Chrome Security Team (Cris Neckar).\n\n[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and\ndrop. Credit to Vsevolod Vlasov of the Chromium development community.\n\n[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up\nwindows in extensions. Credit to Google Chrome Security Team (Mustafa\nEmre Acer).\n\n[177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks\nAPI. Credit to Google Chrome Security Team (Mustafa Emre Acer).\n\n[174943] High CVE-2013-0921: Ensure isolated web sites run in their\nown processes.\n\n[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute-force\nattempts. Credit to 't3553r'.\n\n[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues\nin the USB Apps API. Credit to Google Chrome Security Team (Mustafa\nEmre Acer).\n\n[169632] Low CVE-2013-0924: Check an extension's permissions API usage\nagain file permissions. Credit to Benjamin Kalman of the Chromium\ndevelopment community.\n\n[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without\nthe tabs permissions. Credit to Michael Vrable of Google.\n\n[112325] Medium CVE-2013-0926: Avoid pasting active tags in certain\nsituations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c\n(xysec.com).\"\n );\n # http://googlechromereleases.blogspot.nl/search/Stable%20Updates\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6bd43a3e\"\n );\n # http://www.freebsd.org/ports/portaudit/bdd48858-9656-11e2-a9a8-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a5ef16f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<26.0.1410.43\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:14:57", "description": "Versions of Google Chrome prior to 26.0.1410.43 are affected by the following vulnerabilities :\n\n - Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. (CVE-2013-0916, CVE-2013-0920)\n\n - An out-of-bounds read error exists related to the URL loader. (CVE-2013-0917)\n\n - An unspecified error exists related to 'drag and drop' actions and the developer tools. (CVE-2013-0918)\n\n - An issue occurs due to a user-after-free with pop-ip windows in extensions, that can cause a remote memory-corruption. Note: (Linux Only). (CVE-2013-0919)\n\n - An unspecified error exists related to website process isolation. (CVE-2013-0921)\n\n - An error exists related to HTTP basic authentication and brute force attacks. (CVE-2013-0922)\n\n - A memory safety issue exists related to the 'USB Apps' API. (CVE-2013-0923)\n\n - A permissions error exists related to extensions API and file permissions. (CVE-2013-0924)\n\n - URLs can be leaked to extensions even if the extension does not have the 'tabs' permission. (CVE-2013-0925)\n\n - An error exists related to 'active tags' and the paste action that has unspecified impact. (CVE-2013-0926)", "cvss3": {"score": null, "vector": null}, "published": "2013-03-27T00:00:00", "type": "nessus", "title": "Google Chrome < 26.0.1410.43 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "6724.PASL", "href": "https://www.tenable.com/plugins/nnm/6724", "sourceData": "Binary data 6724.pasl", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:11", "description": "The remote host is affected by the vulnerability described in GLSA-201309-16 (Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\n Impact :\n\n A context-dependent attacker could entice a user to open a specially crafted website or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-25T00:00:00", "type": "nessus", "title": "GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5116", "CVE-2012-5117", "CVE-2012-5118", "CVE-2012-5120", "CVE-2012-5121", "CVE-2012-5122", "CVE-2012-5123", "CVE-2012-5124", "CVE-2012-5125", "CVE-2012-5126", "CVE-2012-5127", "CVE-2012-5128", "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138", "CVE-2012-5139", "CVE-2012-5140", "CVE-2012-5141", "CVE-2012-5142", "CVE-2012-5143", "CVE-2012-5144", "CVE-2012-5145", "CVE-2012-5146", "CVE-2012-5147", "CVE-2012-5148", "CVE-2012-5149", "CVE-2012-5150", "CVE-2012-5151", "CVE-2012-5152", "CVE-2012-5153", "CVE-2012-5154", "CVE-2013-0828", "CVE-2013-0829", "CVE-2013-0830", "CVE-2013-0831", "CVE-2013-0832", "CVE-2013-0833", "CVE-2013-0834", "CVE-2013-0835", "CVE-2013-0836", "CVE-2013-0837", "CVE-2013-0838", "CVE-2013-0839", "CVE-2013-0840", "CVE-2013-0841", "CVE-2013-0842", "CVE-2013-0879", "CVE-2013-0880", "CVE-2013-0881", "CVE-2013-0882", "CVE-2013-0883", "CVE-2013-0884", "CVE-2013-0885", "CVE-2013-0887", "CVE-2013-0888", "CVE-2013-0889", "CVE-2013-0890", "CVE-2013-0891", "CVE-2013-0892", "CVE-2013-0893", "CVE-2013-0894", "CVE-2013-0895", "CVE-2013-0896", "CVE-2013-0897", "CVE-2013-0898", "CVE-2013-0899", "CVE-2013-0900", "CVE-2013-0902", "CVE-2013-0903", "CVE-2013-0904", "CVE-2013-0905", "CVE-2013-0906", "CVE-2013-0907", "CVE-2013-0908", "CVE-2013-0909", "CVE-2013-0910", "CVE-2013-0911", "CVE-2013-0912", "CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926", "CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849", "CVE-2013-2853", "CVE-2013-2855", "CVE-2013-2856", "CVE-2013-2857", "CVE-2013-2858", "CVE-2013-2859", "CVE-2013-2860", "CVE-2013-2861", "CVE-2013-2862", "CVE-2013-2863", "CVE-2013-2865", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2874", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880", "CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886", "CVE-2013-2887", "CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:v8", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201309-16.NASL", "href": "https://www.tenable.com/plugins/nessus/70112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201309-16.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70112);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5116\", \"CVE-2012-5117\", \"CVE-2012-5118\", \"CVE-2012-5120\", \"CVE-2012-5121\", \"CVE-2012-5122\", \"CVE-2012-5123\", \"CVE-2012-5124\", \"CVE-2012-5125\", \"CVE-2012-5126\", \"CVE-2012-5127\", \"CVE-2012-5128\", \"CVE-2012-5130\", \"CVE-2012-5132\", \"CVE-2012-5133\", \"CVE-2012-5135\", \"CVE-2012-5136\", \"CVE-2012-5137\", \"CVE-2012-5138\", \"CVE-2012-5139\", \"CVE-2012-5140\", \"CVE-2012-5141\", \"CVE-2012-5142\", \"CVE-2012-5143\", \"CVE-2012-5144\", \"CVE-2012-5145\", \"CVE-2012-5146\", \"CVE-2012-5147\", \"CVE-2012-5148\", \"CVE-2012-5149\", \"CVE-2012-5150\", \"CVE-2012-5151\", \"CVE-2012-5152\", \"CVE-2012-5153\", \"CVE-2012-5154\", \"CVE-2013-0828\", \"CVE-2013-0829\", \"CVE-2013-0830\", \"CVE-2013-0831\", \"CVE-2013-0832\", \"CVE-2013-0833\", \"CVE-2013-0834\", \"CVE-2013-0835\", \"CVE-2013-0836\", \"CVE-2013-0837\", \"CVE-2013-0838\", \"CVE-2013-0839\", \"CVE-2013-0840\", \"CVE-2013-0841\", \"CVE-2013-0842\", \"CVE-2013-0879\", \"CVE-2013-0880\", \"CVE-2013-0881\", \"CVE-2013-0882\", \"CVE-2013-0883\", \"CVE-2013-0884\", \"CVE-2013-0885\", \"CVE-2013-0887\", \"CVE-2013-0888\", \"CVE-2013-0889\", \"CVE-2013-0890\", \"CVE-2013-0891\", \"CVE-2013-0892\", \"CVE-2013-0893\", \"CVE-2013-0894\", \"CVE-2013-0895\", \"CVE-2013-0896\", \"CVE-2013-0897\", \"CVE-2013-0898\", \"CVE-2013-0899\", \"CVE-2013-0900\", \"CVE-2013-0902\", \"CVE-2013-0903\", \"CVE-2013-0904\", \"CVE-2013-0905\", \"CVE-2013-0906\", \"CVE-2013-0907\", \"CVE-2013-0908\", \"CVE-2013-0909\", \"CVE-2013-0910\", \"CVE-2013-0911\", \"CVE-2013-0912\", \"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-2836\", \"CVE-2013-2837\", \"CVE-2013-2838\", \"CVE-2013-2839\", \"CVE-2013-2840\", \"CVE-2013-2841\", \"CVE-2013-2842\", \"CVE-2013-2843\", \"CVE-2013-2844\", \"CVE-2013-2845\", \"CVE-2013-2846\", \"CVE-2013-2847\", \"CVE-2013-2848\", \"CVE-2013-2849\", \"CVE-2013-2853\", \"CVE-2013-2855\", \"CVE-2013-2856\", \"CVE-2013-2857\", \"CVE-2013-2858\", \"CVE-2013-2859\", \"CVE-2013-2860\", \"CVE-2013-2861\", \"CVE-2013-2862\", \"CVE-2013-2863\", \"CVE-2013-2865\", \"CVE-2013-2867\", \"CVE-2013-2868\", \"CVE-2013-2869\", \"CVE-2013-2870\", \"CVE-2013-2871\", \"CVE-2013-2874\", \"CVE-2013-2875\", \"CVE-2013-2876\", \"CVE-2013-2877\", \"CVE-2013-2878\", \"CVE-2013-2879\", \"CVE-2013-2880\", \"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\", \"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_bugtraq_id(56413, 56684, 56741, 56903, 58318, 58388, 58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731, 58732, 58733, 58734, 59326, 59327, 59328, 59330, 59331, 59332, 59334, 59336, 59337, 59338, 59339, 59340, 59342, 59343, 59344, 59345, 59346, 59347, 59349, 59351, 59413, 59414, 59415, 59416, 59417, 59418, 59419, 59420, 59422, 59423, 59425, 59427, 59428, 59429, 59430, 59431, 59433, 59435, 59436, 59437, 59438, 59515, 59516, 59518, 59520, 59521, 59522, 59523, 59524, 59680, 59681, 59682, 59683, 60062, 60063, 60064, 60065, 60066, 60067, 60068, 60069, 60070, 60071, 60072, 60073, 60074, 60076, 60395, 60396, 60397, 60398, 60399, 60400, 60401, 60403, 60404, 60405, 61046, 61047, 61049, 61050, 61051, 61052, 61054, 61055, 61057, 61059, 61060, 61061, 61547, 61548, 61549, 61550, 61551, 61552, 61885, 61886, 61887, 61888, 61889, 61890, 61891);\n script_xref(name:\"GLSA\", value:\"201309-16\");\n\n script_name(english:\"GLSA-201309-16 : Chromium, V8: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201309-16\n(Chromium, V8: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and V8. Please\n review the CVE identifiers and release notes referenced below for\n details.\n \nImpact :\n\n A context-dependent attacker could entice a user to open a specially\n crafted website or JavaScript program using Chromium or V8, possibly\n resulting in the execution of arbitrary code with the privileges of the\n process or a Denial of Service condition. Furthermore, a remote attacker\n may be able to bypass security restrictions or have other, unspecified,\n impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b9b0b08\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f59319e\"\n );\n # https://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee73f07e\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201309-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-29.0.1457.57'\n All V8 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/v8-3.18.5.14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:v8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 29.0.1457.57\"), vulnerable:make_list(\"lt 29.0.1457.57\"))) flag++;\nif (qpkg_check(package:\"dev-lang/v8\", unaffected:make_list(\"ge 3.18.5.14\"), vulnerable:make_list(\"lt 3.18.5.14\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / V8\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:47", "description": "The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.5. It is, therefore, potentially affected by several issues :\n\n - Multiple memory corruption vulnerabilities exist in WebKit that could lead to unexpected program termination or arbitrary code execution. (CVE-2013-0879 / CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 / CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 / CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 / CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 / CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 / CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 / CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 / CVE-2013-1023)\n\n - A cross-site scripting issue exists in WebKit's handling of iframes. (CVE-2013-1012)\n\n - A cross-site scripting issue exists in WebKit's handling of copied and pasted data in HTML documents.\n (CVE-2013-0926)\n\n - In rewriting URLs to prevent cross-site scripting attacks, XSS Auditor could be abused, leading to malicious alteration of the behavior of a form submission. (CVE-2013-1013)", "cvss3": {"score": null, "vector": null}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0879", "CVE-2013-0926", "CVE-2013-0991", "CVE-2013-0992", "CVE-2013-0993", "CVE-2013-0994", "CVE-2013-0995", "CVE-2013-0996", "CVE-2013-0997", "CVE-2013-0998", "CVE-2013-0999", "CVE-2013-1000", "CVE-2013-1001", "CVE-2013-1002", "CVE-2013-1003", "CVE-2013-1004", "CVE-2013-1005", "CVE-2013-1006", "CVE-2013-1007", "CVE-2013-1008", "CVE-2013-1009", "CVE-2013-1010", "CVE-2013-1011", "CVE-2013-1012", "CVE-2013-1013", "CVE-2013-1023"], "modified": "2019-11-27T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI6_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/66810", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66810);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-0879\",\n \"CVE-2013-0926\",\n \"CVE-2013-0991\",\n \"CVE-2013-0992\",\n \"CVE-2013-0993\",\n \"CVE-2013-0994\",\n \"CVE-2013-0995\",\n \"CVE-2013-0996\",\n \"CVE-2013-0997\",\n \"CVE-2013-0998\",\n \"CVE-2013-0999\",\n \"CVE-2013-1000\",\n \"CVE-2013-1001\",\n \"CVE-2013-1002\",\n \"CVE-2013-1003\",\n \"CVE-2013-1004\",\n \"CVE-2013-1005\",\n \"CVE-2013-1006\",\n \"CVE-2013-1007\",\n \"CVE-2013-1008\",\n \"CVE-2013-1009\",\n \"CVE-2013-1010\",\n \"CVE-2013-1011\",\n \"CVE-2013-1012\",\n \"CVE-2013-1013\",\n \"CVE-2013-1023\"\n );\n script_bugtraq_id(\n 58731,\n 59326,\n 59944,\n 59953,\n 59954,\n 59955,\n 59956,\n 59957,\n 59958,\n 59959,\n 59960,\n 59963,\n 59964,\n 59965,\n 59967,\n 59970,\n 59971,\n 59972,\n 59973,\n 59974,\n 59976,\n 59977,\n 60361,\n 60362,\n 60363,\n 60364\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-06-04-2\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X 10.7 or\n10.8 host is earlier than 6.0.5. It is, therefore, potentially\naffected by several issues :\n\n - Multiple memory corruption vulnerabilities exist in\n WebKit that could lead to unexpected program termination\n or arbitrary code execution. (CVE-2013-0879 /\n CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 /\n CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 /\n CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 /\n CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 /\n CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 /\n CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 /\n CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 /\n CVE-2013-1023)\n\n - A cross-site scripting issue exists in WebKit's handling\n of iframes. (CVE-2013-1012)\n\n - A cross-site scripting issue exists in WebKit's handling\n of copied and pasted data in HTML documents.\n (CVE-2013-0926)\n\n - In rewriting URLs to prevent cross-site scripting\n attacks, XSS Auditor could be abused, leading to\n malicious alteration of the behavior of a form\n submission. (CVE-2013-1013)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-107/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-108/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-109/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5785\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/526807/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"6.0.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:43", "description": "The remote host has Safari installed. Versions of Safari earlier than 6.0.5 are reportedly affected by the following vulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities (CVE-2013-1012, CVE-2013-1013)\n - Multiple memory-corruption vulnerabilities exist that can be triggered by a specially crafted webpage. A remote attacker can exploit these issues to execute arbitrary code in in context of the user. (CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1009, CVE-2013-1010, CVE-2013-1011, CVE-2013-1023)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2013-06-05T00:00:00", "type": "nessus", "title": "Safari < 6.0.5 Multiple Security Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1011", "CVE-2013-0996", "CVE-2013-1004", "CVE-2013-1006", "CVE-2013-1005", "CVE-2013-0997", "CVE-2013-0999", "CVE-2013-0879", "CVE-2013-0995", "CVE-2013-1012", "CVE-2013-1002", "CVE-2013-1003", "CVE-2013-1000", "CVE-2013-1009", "CVE-2013-1023", "CVE-2013-0991", "CVE-2013-0926", "CVE-2013-0998", "CVE-2013-0993", "CVE-2013-1013", "CVE-2013-1007", "CVE-2013-0994", "CVE-2013-0992", "CVE-2013-1001", "CVE-2013-1008", "CVE-2013-1010"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "6856.PRM", "href": "https://www.tenable.com/plugins/nnm/6856", "sourceData": "Binary data 6856.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T18:39:18", "description": "The mobile device is running a version of iOS that is older than version 7. This version contains security-related fixes for the following components :\n\n - Certificate Trust Policy\n - CoreGraphics\n - CoreMedia\n - Data Protection\n - Data Security\n - dyld\n - File Systems\n - ImageIO\n - IOKit\n - IOKitUser\n - IOSerialFamily\n - IPSec\n - Kernel\n - Kext Management\n - libxml\n - libxslt\n - Passcode Lock\n - Personal Hotspot\n - Push Notifications\n - Safari\n - Sandbox\n - Social\n - Springboard\n - Telephony\n - Twitter\n - WebKit", "cvss3": {"score": null, "vector": null}, "published": "2013-09-19T00:00:00", "type": "nessus", "title": "Apple iOS < 7 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2391", "CVE-2011-3102", "CVE-2012-0841", "CVE-2012-2807", "CVE-2012-2825", "CVE-2012-2870", "CVE-2012-2871", "CVE-2012-5134", "CVE-2013-0879", "CVE-2013-0926", "CVE-2013-0957", "CVE-2013-0991", "CVE-2013-0992", "CVE-2013-0993", "CVE-2013-0994", "CVE-2013-0995", "CVE-2013-0996", "CVE-2013-0997", "CVE-2013-0998", "CVE-2013-0999", "CVE-2013-1000", "CVE-2013-1001", "CVE-2013-1002", "CVE-2013-1003", "CVE-2013-1004", "CVE-2013-1005", "CVE-2013-1006", "CVE-2013-1007", "CVE-2013-1008", "CVE-2013-1010", "CVE-2013-1012", "CVE-2013-1019", "CVE-2013-1025", "CVE-2013-1026", "CVE-2013-1028", "CVE-2013-1036", "CVE-2013-1037", "CVE-2013-1038", "CVE-2013-1039", "CVE-2013-1040", "CVE-2013-1041", "CVE-2013-1042", "CVE-2013-1043", "CVE-2013-1044", "CVE-2013-1045", "CVE-2013-1046", "CVE-2013-1047", "CVE-2013-2842", "CVE-2013-2848", "CVE-2013-3950", "CVE-2013-3953", "CVE-2013-3954", "CVE-2013-3955", "CVE-2013-4616", "CVE-2013-5125", "CVE-2013-5126", "CVE-2013-5127", "CVE-2013-5128", "CVE-2013-5129", "CVE-2013-5131", "CVE-2013-5137", "CVE-2013-5138", "CVE-2013-5139", "CVE-2013-5140", "CVE-2013-5141", "CVE-2013-5142", "CVE-2013-5145", "CVE-2013-5147", "CVE-2013-5149", "CVE-2013-5150", "CVE-2013-5151", "CVE-2013-5152", "CVE-2013-5153", "CVE-2013-5154", "CVE-2013-5155", "CVE-2013-5156", "CVE-2013-5157", "CVE-2013-5158", "CVE-2013-5159"], "modified": "2022-02-14T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_70_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/69984", "sourceData": "Binary data apple_ios_70_check.nbin", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:43", "description": "According to its banner, the remote Apple iOS device is missing a security update. Versions of Apple iOS older than 7.0 are affected by vulnerabilities within the following components :\n\n - Certificate Trust Policy\n - CoreGraphics\n - CoreMedia\n - Data Protection\n - Data Security\n - File Systems\n - IOKit\n - IOKitUser\n - IOSerialFamily\n - IPSec\n - ImageIO\n - Kernel\n - Kext Management\n - Passcode Lock\n - Personal Hotspot\n - Push Notifications\n - Safari\n - Sandbox\n - Social\n - Springboard\n - Telephony\n - Twitter\n - WebKit\n - dyld\n - libxml\n - libxslt", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-09-20T00:00:00", "type": "nessus", "title": "Apple iOS < 7.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2825", "CVE-2012-0841", "CVE-2011-3102", "CVE-2012-2807", "CVE-2012-2870", "CVE-2012-2871", "CVE-2011-2391", "CVE-2013-4616", "CVE-2013-5125", "CVE-2013-1037", "CVE-2013-5141", "CVE-2013-5158", "CVE-2013-1047", "CVE-2013-5155", "CVE-2013-0996", "CVE-2013-1004", "CVE-2013-5126", "CVE-2013-1026", "CVE-2013-0957", "CVE-2013-5151", "CVE-2013-1041", "CVE-2013-1036", "CVE-2013-5145", "CVE-2013-1006", "CVE-2013-1019", "CVE-2013-1042", "CVE-2013-5140", "CVE-2013-1005", "CVE-2013-0997", "CVE-2013-1043", "CVE-2013-0999", "CVE-2013-0879", "CVE-2013-0995", "CVE-2013-3954", "CVE-2013-5138", "CVE-2013-5153", "CVE-2013-2842", "CVE-2013-2848", "CVE-2013-1012", "CVE-2013-5157", "CVE-2013-5147", "CVE-2013-1002", "CVE-2013-5137", "CVE-2013-5152", "CVE-2013-1040", "CVE-2013-5127", "CVE-2013-3955", "CVE-2013-1028", "CVE-2013-3950", "CVE-2013-3953", "CVE-2013-1025", "CVE-2013-1003", "CVE-2013-5129", "CVE-2013-5156", "CVE-2013-5149", "CVE-2013-1000", "CVE-2013-5154", "CVE-2013-0991", "CVE-2013-0926", "CVE-2013-1044", "CVE-2013-1045", "CVE-2013-5131", "CVE-2013-5139", "CVE-2013-5142", "CVE-2013-0998", "CVE-2013-5159", "CVE-2013-0993", "CVE-2013-5150", "CVE-2013-1007", "CVE-2013-0994", "CVE-2013-1039", "CVE-2013-0992", "CVE-2013-1001", "CVE-2013-1008", "CVE-2013-1010", "CVE-2013-1038", "CVE-2013-1046", "CVE-2013-5128"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "8013.PRM", "href": "https://www.tenable.com/plugins/nnm/8013", "sourceData": "Binary data 8013.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-02T21:11:25", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2017-05-15T00:00:00", "id": "OPENVAS:803358", "href": "http://plugins.openvas.org/nasl.php?oid=803358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_apr13_win.nasl 6125 2017-05-15 09:03:42Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\n Impact Level: System/Application\";\n\ntag_affected = \"Google Chrome versions prior to 26.0.1410.43 on Windows\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 26.0.1410.43 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803358);\n script_version(\"$Revision: 6125 $\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\");\n script_bugtraq_id(58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732,\n 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-15 11:03:42 +0200 (Mon, 15 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:45 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name : \"URL\" , value : \"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 26.0.1410.43\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:11:05", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2017-05-10T00:00:00", "id": "OPENVAS:803360", "href": "http://plugins.openvas.org/nasl.php?oid=803360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_apr13_macosx.nasl 6093 2017-05-10 09:03:18Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\n Impact Level: System/Application\";\n\ntag_affected = \"Google Chrome versions prior to 26.0.1410.43 on MAC OS X\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 26.0.1410.43 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803360);\n script_version(\"$Revision: 6093 $\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\");\n script_bugtraq_id(58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732,\n 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-10 11:03:18 +0200 (Wed, 10 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:45 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (MAC OS X)\");\n script_xref(name : \"URL\" , value : \"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name : \"URL\" , value : \"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"GoogleChrome/MacOSX/Version\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 26.0.1410.43\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:05:28", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803358", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803358\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\");\n script_bugtraq_id(58723, 58724, 58725, 58728, 58729, 58730, 58731, 58732,\n 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 12:24:45 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name:\"URL\", value:\"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\");\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 26.0.1410.43 on Windows\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 26.0.1410.43 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"GoogleChrome/Win/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"26.0.1410.43\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:11:23", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0919", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2017-05-12T00:00:00", "id": "OPENVAS:803359", "href": "http://plugins.openvas.org/nasl.php?oid=803359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_google_chrome_mult_vuln01_apr13_lin.nasl 6115 2017-05-12 09:03:25Z teissa $\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\n Impact Level: System/Application\";\n\ntag_affected = \"Google Chrome versions prior to 26.0.1410.43 on Linux\";\ntag_insight = \"For more details about the vulnerabilities refer the reference section.\";\ntag_solution = \"Upgrade to the Google Chrome 26.0.1410.43 or later,\n For updates refer to http://www.google.com/chrome\";\ntag_summary = \"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(803359);\n script_version(\"$Revision: 6115 $\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-0919\");\n script_bugtraq_id(58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731,\n 58732, 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 13:07:35 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name : \"URL\" , value : \"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nchromeVer = \"\";\n\n## Get the version from KB\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\n## Check for Google Chrome Versions prior to 26.0.1410.43\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-23T19:05:30", "description": "This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2013-04-02T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0919", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803359\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0920\",\n \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\",\n \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-0919\");\n script_bugtraq_id(58723, 58724, 58725, 58727, 58728, 58729, 58730, 58731,\n 58732, 58733, 58734);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-04-02 13:07:35 +0530 (Tue, 02 Apr 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-01 April 2013 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.dhses.ny.gov/ocs/advisories/2013/2013-034.cfm\");\n script_xref(name:\"URL\", value:\"http://energy.gov/cio/articles/v-121-google-chrome-multiple-vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/03/stable-channel-update_26.html\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code in\n the context of the browser, bypass security restrictions, cause\n denial-of-service condition or possibly have unspecified other impact.\");\n script_tag(name:\"affected\", value:\"Google Chrome versions prior to 26.0.1410.43 on Linux\");\n script_tag(name:\"insight\", value:\"For more details about the vulnerabilities refer the reference section.\");\n script_tag(name:\"solution\", value:\"Upgrade to the Google Chrome 26.0.1410.43 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nchromeVer = get_kb_item(\"Google-Chrome/Linux/Ver\");\nif(!chromeVer){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"26.0.1410.43\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"26.0.1410.43\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:10", "description": "Gentoo Linux Local Security Checks GLSA 201309-16", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201309-16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5126", "CVE-2012-5136", "CVE-2013-0898", "CVE-2013-2882", "CVE-2013-0833", "CVE-2013-0891", "CVE-2013-2845", "CVE-2013-2901", "CVE-2013-2842", "CVE-2012-5130", "CVE-2013-0838", "CVE-2013-0917", "CVE-2013-2887", "CVE-2013-0924", "CVE-2013-0894", "CVE-2013-2902", "CVE-2013-2840", "CVE-2013-0832", "CVE-2013-2903", "CVE-2012-5133", "CVE-2013-0906", "CVE-2012-5127", "CVE-2013-2880", "CVE-2013-0904", "CVE-2013-2867", "CVE-2012-5125", "CVE-2013-0899", "CVE-2013-2849", "CVE-2013-2841", "CVE-2013-0834", "CVE-2013-2878", "CVE-2012-5139", "CVE-2013-0881", "CVE-2013-2874", "CVE-2013-0839", "CVE-2012-5117", "CVE-2013-0882", "CVE-2013-0841", "CVE-2012-5137", "CVE-2012-5122", "CVE-2013-0888", "CVE-2013-2853", "CVE-2012-5149", "CVE-2013-2876", "CVE-2013-2886", "CVE-2013-0889", "CVE-2012-5151", "CVE-2013-0884", "CVE-2013-0837", "CVE-2013-2848", "CVE-2013-0922", "CVE-2013-2846", "CVE-2013-0842", "CVE-2012-5146", "CVE-2013-2865", "CVE-2012-5132", "CVE-2013-0879", "CVE-2013-2904", "CVE-2013-0887", "CVE-2013-0890", "CVE-2013-2884", "CVE-2013-0925", "CVE-2013-0908", "CVE-2013-2870", "CVE-2013-0923", "CVE-2012-5145", "CVE-2013-0895", "CVE-2013-0836", "CVE-2013-0919", "CVE-2013-2877", "CVE-2012-5124", "CVE-2012-5143", "CVE-2013-0830", "CVE-2012-5140", "CVE-2013-2837", "CVE-2013-2856", "CVE-2012-5118", "CVE-2013-0880", "CVE-2013-0892", "CVE-2013-2875", "CVE-2013-0926", "CVE-2013-2847", "CVE-2013-0918", "CVE-2013-2881", "CVE-2012-5152", "CVE-2013-2861", "CVE-2013-2869", "CVE-2013-0902", "CVE-2013-2855", "CVE-2013-0835", "CVE-2012-5116", "CVE-2013-0920", "CVE-2012-5128", "CVE-2013-0900", "CVE-2013-2838", "CVE-2013-2863", "CVE-2012-5147", "CVE-2012-5141", "CVE-2013-2900", "CVE-2013-2844", "CVE-2013-2839", "CVE-2013-0910", "CVE-2013-0840", "CVE-2013-0909", "CVE-2013-0893", "CVE-2012-5154", "CVE-2013-0907", "CVE-2013-2862", "CVE-2013-2871", "CVE-2013-0897", "CVE-2013-2836", "CVE-2013-0828", "CVE-2013-2905", "CVE-2012-5120", "CVE-2013-0916", "CVE-2012-5123", "CVE-2013-0903", "CVE-2013-0912", "CVE-2013-2868", "CVE-2013-0911", "CVE-2013-0905", "CVE-2013-2859", "CVE-2013-0885", "CVE-2013-2879", "CVE-2013-2858", "CVE-2012-5135", "CVE-2012-5148", "CVE-2013-0829", "CVE-2013-0831", "CVE-2012-5144", "CVE-2013-0883", "CVE-2012-5150", "CVE-2013-2843", "CVE-2013-2860", "CVE-2013-0896", "CVE-2012-5138", "CVE-2013-2857", "CVE-2012-5153", "CVE-2012-5121", "CVE-2013-2883", "CVE-2012-5142", "CVE-2013-0921", "CVE-2013-2885"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201309-16.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121030\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:25:53 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201309-16\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201309-16\");\n script_cve_id(\"CVE-2012-5116\", \"CVE-2012-5117\", \"CVE-2012-5118\", \"CVE-2012-5120\", \"CVE-2012-5121\", \"CVE-2012-5122\", \"CVE-2012-5123\", \"CVE-2012-5124\", \"CVE-2012-5125\", \"CVE-2012-5126\", \"CVE-2012-5127\", \"CVE-2012-5128\", \"CVE-2012-5130\", \"CVE-2012-5132\", \"CVE-2012-5133\", \"CVE-2012-5135\", \"CVE-2012-5136\", \"CVE-2012-5137\", \"CVE-2012-5138\", \"CVE-2012-5139\", \"CVE-2012-5140\", \"CVE-2012-5141\", \"CVE-2012-5142\", \"CVE-2012-5143\", \"CVE-2012-5144\", \"CVE-2012-5145\", \"CVE-2012-5146\", \"CVE-2012-5147\", \"CVE-2012-5148\", \"CVE-2012-5149\", \"CVE-2012-5150\", \"CVE-2012-5151\", \"CVE-2012-5152\", \"CVE-2012-5153\", \"CVE-2012-5154\", \"CVE-2013-0828\", \"CVE-2013-0829\", \"CVE-2013-0830\", \"CVE-2013-0831\", \"CVE-2013-0832\", \"CVE-2013-0833\", \"CVE-2013-0834\", \"CVE-2013-0835\", \"CVE-2013-0836\", \"CVE-2013-0837\", \"CVE-2013-0838\", \"CVE-2013-0839\", \"CVE-2013-0840\", \"CVE-2013-0841\", \"CVE-2013-0842\", \"CVE-2013-0879\", \"CVE-2013-0880\", \"CVE-2013-0881\", \"CVE-2013-0882\", \"CVE-2013-0883\", \"CVE-2013-0884\", \"CVE-2013-0885\", \"CVE-2013-0887\", \"CVE-2013-0888\", \"CVE-2013-0889\", \"CVE-2013-0890\", \"CVE-2013-0891\", \"CVE-2013-0892\", \"CVE-2013-0893\", \"CVE-2013-0894\", \"CVE-2013-0895\", \"CVE-2013-0896\", \"CVE-2013-0897\", \"CVE-2013-0898\", \"CVE-2013-0899\", \"CVE-2013-0900\", \"CVE-2013-0902\", \"CVE-2013-0903\", \"CVE-2013-0904\", \"CVE-2013-0905\", \"CVE-2013-0906\", \"CVE-2013-0907\", \"CVE-2013-0908\", \"CVE-2013-0909\", \"CVE-2013-0910\", \"CVE-2013-0911\", \"CVE-2013-0912\", \"CVE-2013-0916\", \"CVE-2013-0917\", \"CVE-2013-0918\", \"CVE-2013-0919\", \"CVE-2013-0920\", \"CVE-2013-0921\", \"CVE-2013-0922\", \"CVE-2013-0923\", \"CVE-2013-0924\", \"CVE-2013-0925\", \"CVE-2013-0926\", \"CVE-2013-2836\", \"CVE-2013-2837\", \"CVE-2013-2838\", \"CVE-2013-2839\", \"CVE-2013-2840\", \"CVE-2013-2841\", \"CVE-2013-2842\", \"CVE-2013-2843\", \"CVE-2013-2844\", \"CVE-2013-2845\", \"CVE-2013-2846\", \"CVE-2013-2847\", \"CVE-2013-2848\", \"CVE-2013-2849\", \"CVE-2013-2853\", \"CVE-2013-2855\", \"CVE-2013-2856\", \"CVE-2013-2857\", \"CVE-2013-2858\", \"CVE-2013-2859\", \"CVE-2013-2860\", \"CVE-2013-2861\", \"CVE-2013-2862\", \"CVE-2013-2863\", \"CVE-2013-2865\", \"CVE-2013-2867\", \"CVE-2013-2868\", \"CVE-2013-2869\", \"CVE-2013-2870\", \"CVE-2013-2871\", \"CVE-2013-2874\", \"CVE-2013-2875\", \"CVE-2013-2876\", \"CVE-2013-2877\", \"CVE-2013-2878\", \"CVE-2013-2879\", \"CVE-2013-2880\", \"CVE-2013-2881\", \"CVE-2013-2882\", \"CVE-2013-2883\", \"CVE-2013-2884\", \"CVE-2013-2885\", \"CVE-2013-2886\", \"CVE-2013-2887\", \"CVE-2013-2900\", \"CVE-2013-2901\", \"CVE-2013-2902\", \"CVE-2013-2903\", \"CVE-2013-2904\", \"CVE-2013-2905\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201309-16\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 29.0.1457.57\"), vulnerable: make_list(\"lt 29.0.1457.57\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/v8\", unaffected: make_list(\"ge 3.18.5.14\"), vulnerable: make_list(\"lt 3.18.5.14\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:01:02", "description": "Google Chrome 26, the latest version of the company\u2019s browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser.\n\nThat vulnerability, discovered and reported by Atte Kettunen, is the only one in [Chrome 26](<http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29>) for which Google paid a bug bounty as part of its reward program. All of the other vulnerabilities were discovered by members of the company\u2019s own security team or the bugs just didn\u2019t qualify for a reward. This continues a somewhat recent trend of the number of vulnerabilities qualifying for rewards from Google declining as it becomes more and more difficult to find serious bugs in the browser.[](<https://threatpost.com/google-fixes-11-flaws-chrome-032613/>)\n\nGoogle has [raised the amount of money paid for serious vulnerabilities](<https://threatpost.com/google-sweetens-bug-bounty-pot-081512/>) in order to attract more submissions from security researchers, but the improved defenses in Chrome have made life more difficult for would-be submitters.\n\nHere is the full list of vulnerabilities patched by Google in Chrome 26:\n\n * [$1000] [[172342](<https://code.google.com/p/chromium/issues/detail?id=172342>)] **High** CVE-2013-0916: Use-after-free in Web Audio. _Credit to Atte Kettunen of OUSPG._\n * [[180909](<https://code.google.com/p/chromium/issues/detail?id=180909>)] **Low** CVE-2013-0917: Out-of-bounds read in URL loader. _Credit to Google Chrome Security Team (Cris Neckar)._\n * [[180555](<https://code.google.com/p/chromium/issues/detail?id=180555>)] **Low** CVE-2013-0918: Do not navigate dev tools upon drag and drop. _Credit to Vsevolod Vlasov of the Chromium development community._\n * [Linux only] [[178760](<https://code.google.com/p/chromium/issues/detail?id=178760>)] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[177410](<https://code.google.com/p/chromium/issues/detail?id=177410>)] **Medium** CVE-2013-0920: Use-after-free in extension bookmarks API. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[174943](<https://code.google.com/p/chromium/issues/detail?id=174943>)] **High** CVE-2013-0921: Ensure isolated web sites run in their own processes.\n * [[174129](<https://code.google.com/p/chromium/issues/detail?id=174129>)] **Low** CVE-2013-0922: Avoid HTTP basic auth brute force attempts. _Credit to \u201ct3553r\u201d._\n * [[169981](<https://code.google.com/p/chromium/issues/detail?id=169981>)] [[169972](<https://code.google.com/p/chromium/issues/detail?id=169972>)] [[169765](<https://code.google.com/p/chromium/issues/detail?id=169765>)] **Medium** CVE-2013-0923: Memory safety issues in the USB Apps API. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[169632](<https://code.google.com/p/chromium/issues/detail?id=169632>)] **Low** CVE-2013-0924: Check an extension\u2019s permissions API usage again file permissions. _Credit to Benjamin Kalman of the Chromium development community._\n * [[168442](<https://code.google.com/p/chromium/issues/detail?id=168442>)] **Low** CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. _Credit to Michael Vrable of Google._\n * [[112325](<https://code.google.com/p/chromium/issues/detail?id=112325>)] **Medium** CVE-2013-0926: Avoid pasting active tags in certain situations. _Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c ([xysec.com](<http://xysec.com/>))._\n", "cvss3": {}, "published": "2013-03-26T18:31:24", "type": "threatpost", "title": "Google Fixes 11 Flaws in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"], "modified": "2013-04-26T15:38:03", "id": "THREATPOST:CE70F2B6CF76B54F4B98E3C93CE55EBE", "href": "https://threatpost.com/google-fixes-11-flaws-chrome-032613/77669/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:32", "description": "\nGoogle Chrome Releases reports:\n\n[172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit\n\t to Atte Kettunen of OUSPG.\n[180909] Low CVE-2013-0917: Out-of-bounds read in URL loader.\n\t Credit to Google Chrome Security Team (Cris Neckar).\n[180555] Low CVE-2013-0918: Do not navigate dev tools upon drag\n\t and drop. Credit to Vsevolod Vlasov of the Chromium development\n\t community.\n[Linux only] [178760] Medium CVE-2013-0919: Use-after-free with\n\t pop-up windows in extensions. Credit to Google Chrome Security Team\n\t (Mustafa Emre Acer).\n[177410] Medium CVE-2013-0920: Use-after-free in extension\n\t bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre\n\t Acer).\n[174943] High CVE-2013-0921: Ensure isolated web sites run in\n\t their own processes.\n[174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force\n\t attempts. Credit to \"t3553r\".\n[169981] [169972] [169765] Medium CVE-2013-0923: Memory safety\n\t issues in the USB Apps API. Credit to Google Chrome Security Team\n\t (Mustafa Emre Acer).\n[169632] Low CVE-2013-0924: Check an extension's permissions API\n\t usage again file permissions. Credit to Benjamin Kalman of the\n\t Chromium development community.\n[168442] Low CVE-2013-0925: Avoid leaking URLs to extensions\n\t without the tabs permissions. Credit to Michael Vrable of\n\t Google.\n[112325] Medium CVE-2013-0926: Avoid pasting active tags in\n\t certain situations. Credit to Subho Halder, Aditya Gupta, and Dev\n\t Kar of xys3c (xysec.com).\n\n", "cvss3": {}, "published": "2013-03-26T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0917", "CVE-2013-0924", "CVE-2013-0922", "CVE-2013-0925", "CVE-2013-0923", "CVE-2013-0919", "CVE-2013-0926", "CVE-2013-0918", "CVE-2013-0920", "CVE-2013-0916", "CVE-2013-0921"], "modified": "2013-03-26T00:00:00", "id": "BDD48858-9656-11E2-A9A8-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/bdd48858-9656-11e2-a9a8-00262d5ed8ee.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "chrome": [{"lastseen": "2021-12-30T22:36:19", "description": "The Chrome team is excited to announce the promotion of [Chrome 26 to the Stable Channel](<http://chrome.blogspot.com/2013/03/oodles-of-improvements-to-chromes-spell.html>). Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame contains number of new items including: \n\n\n * \"[Ask Google for suggestions](<http://support.google.com/chrome/bin/answer.py?hl=en&answer=95604>)\" spell checking feature improvements (e.g. grammar and homonym checking)\n * Desktop shortcuts for [multiple users](<http://support.google.com/chrome/bin/answer.py?hl=en&answer=2364824>) (profiles) on Windows\n * Asynchronous DNS resolver on Mac and Linux\n\n** \n**\n\n**Security fixes and rewards:**\n\n\nPlease see [the Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.\n\n * [$1000] [[172342](<https://code.google.com/p/chromium/issues/detail?id=172342>)] **High** CVE-2013-0916: Use-after-free in Web Audio. _Credit to Atte Kettunen of OUSPG._\n * [[180909](<https://code.google.com/p/chromium/issues/detail?id=180909>)] **Low** CVE-2013-0917: Out-of-bounds read in URL loader. _Credit to Google Chrome Security Team (Cris Neckar)._\n * [[180555](<https://code.google.com/p/chromium/issues/detail?id=180555>)] **Low** CVE-2013-0918: Do not navigate dev tools upon drag and drop. _Credit to Vsevolod Vlasov of the Chromium development community._\n * [Linux only] [[178760](<https://code.google.com/p/chromium/issues/detail?id=178760>)] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[177410](<https://code.google.com/p/chromium/issues/detail?id=177410>)] **Medium** CVE-2013-0920: Use-after-free in extension bookmarks API. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[174943](<https://code.google.com/p/chromium/issues/detail?id=174943>)] **High** CVE-2013-0921: Ensure isolated web sites run in their own processes.\n * [[174129](<https://code.google.com/p/chromium/issues/detail?id=174129>)] **Low** CVE-2013-0922: Avoid HTTP basic auth brute force attempts. _Credit to "t3553r"._\n * [[169981](<https://code.google.com/p/chromium/issues/detail?id=169981>)] [[169972](<https://code.google.com/p/chromium/issues/detail?id=169972>)] [[169765](<https://code.google.com/p/chromium/issues/detail?id=169765>)] **Medium** CVE-2013-0923: Memory safety issues in the USB Apps API. _Credit to Google Chrome Security Team (Mustafa Emre Acer)._\n * [[169632](<https://code.google.com/p/chromium/issues/detail?id=169632>)] **Low** CVE-2013-0924: Check an extension's permissions API usage again file permissions. _Credit to Benjamin Kalman of the Chromium development community._\n * [[168442](<https://code.google.com/p/chromium/issues/detail?id=168442>)] **Low** CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. _Credit to Michael Vrable of Google._\n * [[112325](<https://code.google.com/p/chromium/issues/detail?id=112325>)] **Medium** CVE-2013-0926: Avoid pasting active tags in certain situations. _Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c ([xysec.com](<http://xysec.com/>))._\n**A full list of changes in this build is available in the [SVN revision log](<http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=173683:181864&mode=html>). Interested in switching release channels? [Find out how](<http://dev.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/new>).**\n\n\nDharani Govindan \nGoogle Chrome", "cvss3": {}, "published": "2013-03-26T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926"], "modified": "2013-03-26T00:00:00", "id": "GCSA-2543406049002500947", "href": "https://chromereleases.googleblog.com/2013/03/stable-channel-update_26.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:53:46", "description": "The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not\nproperly enforce the use of separate processes, which makes it easier for\nremote attackers to bypass intended access restrictions via a crafted web\nsite.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0921", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0921"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0921", "href": "https://ubuntu.com/security/CVE-2013-0921", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:46", "description": "Google Chrome before 26.0.1410.43 does not prevent navigation to developer\ntools in response to a drag-and-drop operation, which allows user-assisted\nremote attackers to have an unspecified impact via a crafted web site.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0918"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0918", "href": "https://ubuntu.com/security/CVE-2013-0918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:48:25", "description": "The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers\nto cause a denial of service (out-of-bounds read) via unspecified vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0917", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0917"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0917", "href": "https://ubuntu.com/security/CVE-2013-0917", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:53:45", "description": "Google Chrome before 26.0.1410.43 does not ensure that an extension has the\ntabs (aka APIPermission::kTab) permission before providing a URL to this\nextension, which has unspecified impact and remote attack vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0925", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0925"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0925", "href": "https://ubuntu.com/security/CVE-2013-0925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:45", "description": "Google Chrome before 26.0.1410.43 does not properly handle active content\nin an EMBED element during a copy-and-paste operation, which allows\nuser-assisted remote attackers to have an unspecified impact via a crafted\nweb site.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0926", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0926"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0926", "href": "https://ubuntu.com/security/CVE-2013-0926", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:46", "description": "The extension functionality in Google Chrome before 26.0.1410.43 does not\nverify that use of the permissions API is consistent with file permissions,\nwhich has unspecified impact and attack vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0924", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0924"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0924", "href": "https://ubuntu.com/security/CVE-2013-0924", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:46", "description": "Use-after-free vulnerability in the Web Audio implementation in Google\nChrome before 26.0.1410.43 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0916", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0916"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0916", "href": "https://ubuntu.com/security/CVE-2013-0916", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:46", "description": "Google Chrome before 26.0.1410.43 does not properly restrict brute-force\naccess attempts against web sites that require HTTP Basic Authentication,\nwhich has unspecified impact and attack vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0922", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0922"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0922", "href": "https://ubuntu.com/security/CVE-2013-0922", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:53:46", "description": "The USB Apps API in Google Chrome before 26.0.1410.43 allows remote\nattackers to cause a denial of service (memory corruption) via unspecified\nvectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0923", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0923"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0923", "href": "https://ubuntu.com/security/CVE-2013-0923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T21:48:26", "description": "Use-after-free vulnerability in the extension bookmarks API in Google\nChrome before 26.0.1410.43 allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/1161296>\n", "cvss3": {}, "published": "2013-03-28T00:00:00", "type": "ubuntucve", "title": "CVE-2013-0920", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0920"], "modified": "2013-03-28T00:00:00", "id": "UB:CVE-2013-0920", "href": "https://ubuntu.com/security/CVE-2013-0920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:13", "description": "The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0921", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0921"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0921", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0921", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0918", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0918"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0918", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0917", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0917"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0917", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0917", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0925", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0925"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0925", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0926", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0926"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0926", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0926", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0924", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0924"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0924", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0924", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0916", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0916"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0916", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0916", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0922", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0922"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0922", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0922", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0923", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0923"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0923", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-14T17:47:13", "description": "Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "debiancve", "title": "CVE-2013-0920", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0920"], "modified": "2013-03-28T12:18:00", "id": "DEBIANCVE:CVE-2013-0920", "href": "https://security-tracker.debian.org/tracker/CVE-2013-0920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:05:09", "description": "The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0921", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0921"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0921", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:07", "description": "Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0918", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0918"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0918", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:05", "description": "The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0917", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0917"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0917", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0917", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:14", "description": "Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0925", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0925"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0925", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0925", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:15", "description": "Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0926", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0926"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0926", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:13", "description": "The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0924", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0924"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0924", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0924", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:05", "description": "Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0916", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0916"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0916", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0916", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:11", "description": "Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0922", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0922"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0922", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:12", "description": "The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0923", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0923"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0923", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0923", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:05:09", "description": "Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2013-03-28T12:18:00", "type": "cve", "title": "CVE-2013-0920", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0920"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/a:google:chrome:26.0.1410.41", "cpe:/a:google:chrome:26.0.1410.33", "cpe:/a:google:chrome:26.0.1410.8", "cpe:/a:google:chrome:26.0.1410.38", "cpe:/a:google:chrome:26.0.1410.30", "cpe:/a:google:chrome:26.0.1410.34", "cpe:/a:google:chrome:26.0.1410.22", "cpe:/a:google:chrome:26.0.1410.15", "cpe:/a:google:chrome:26.0.1410.20", "cpe:/a:google:chrome:26.0.1410.6", "cpe:/a:google:chrome:26.0.1410.4", "cpe:/a:google:chrome:26.0.1410.7", "cpe:/a:google:chrome:26.0.1410.16", "cpe:/a:google:chrome:26.0.1410.3", "cpe:/a:google:chrome:26.0.1410.1", "cpe:/a:google:chrome:26.0.1410.25", "cpe:/a:google:chrome:26.0.1410.24", "cpe:/a:google:chrome:26.0.1410.29", "cpe:/a:google:chrome:26.0.1410.21", "cpe:/a:google:chrome:26.0.1410.18", "cpe:/a:google:chrome:26.0.1410.27", "cpe:/a:google:chrome:26.0.1410.32", "cpe:/a:google:chrome:26.0.1410.40", "cpe:/a:google:chrome:26.0.1410.19", "cpe:/a:google:chrome:26.0.1410.11", "cpe:/a:google:chrome:26.0.1410.9", "cpe:/a:google:chrome:26.0.1410.31", "cpe:/a:google:chrome:26.0.1410.10", "cpe:/a:google:chrome:26.0.1410.17", "cpe:/a:google:chrome:26.0.1410.28", "cpe:/a:google:chrome:26.0.1410.14", "cpe:/a:google:chrome:26.0.1410.23", "cpe:/a:google:chrome:26.0.1410.39", "cpe:/a:google:chrome:26.0.1410.5", "cpe:/a:google:chrome:26.0.1410.26", "cpe:/a:google:chrome:26.0.1410.2", "cpe:/a:google:chrome:26.0.1410.35", "cpe:/a:google:chrome:26.0.1410.42", "cpe:/a:google:chrome:26.0.1410.0", "cpe:/a:google:chrome:26.0.1410.36", "cpe:/a:google:chrome:26.0.1410.12", "cpe:/a:google:chrome:26.0.1410.37"], "id": "CVE-2013-0920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0920", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:26.0.1410.40:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.21:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.24:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.23:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:26.0.1410.36:*:*:*:*:*:*:*"]}], "metasploit": [{"lastseen": "2021-06-09T04:11:56", "description": "\n", "edition": 2, "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Apple Safari security update for CVE-2013-0926", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0926"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/APPLE-SAFARI-CVE-2013-0926/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:10:39", "description": "### Background\n\nChromium is an open-source web browser project. V8 is Google\u2019s open source JavaScript engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. \n\n### Impact\n\nA context-dependent attacker could entice a user to open a specially crafted web site or JavaScript program using Chromium or V8, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass security restrictions or have other, unspecified, impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-29.0.1457.57\"\n \n\nAll V8 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/v8-3.18.5.14\"", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "gentoo", "title": "Chromium, V8: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5116", "CVE-2012-5117", "CVE-2012-5118", "CVE-2012-5120", "CVE-2012-5121", "CVE-2012-5122", "CVE-2012-5123", "CVE-2012-5124", "CVE-2012-5125", "CVE-2012-5126", "CVE-2012-5127", "CVE-2012-5128", "CVE-2012-5130", "CVE-2012-5132", "CVE-2012-5133", "CVE-2012-5135", "CVE-2012-5136", "CVE-2012-5137", "CVE-2012-5138", "CVE-2012-5139", "CVE-2012-5140", "CVE-2012-5141", "CVE-2012-5142", "CVE-2012-5143", "CVE-2012-5144", "CVE-2012-5145", "CVE-2012-5146", "CVE-2012-5147", "CVE-2012-5148", "CVE-2012-5149", "CVE-2012-5150", "CVE-2012-5151", "CVE-2012-5152", "CVE-2012-5153", "CVE-2012-5154", "CVE-2013-0828", "CVE-2013-0829", "CVE-2013-0830", "CVE-2013-0831", "CVE-2013-0832", "CVE-2013-0833", "CVE-2013-0834", "CVE-2013-0835", "CVE-2013-0836", "CVE-2013-0837", "CVE-2013-0838", "CVE-2013-0839", "CVE-2013-0840", "CVE-2013-0841", "CVE-2013-0842", "CVE-2013-0879", "CVE-2013-0880", "CVE-2013-0881", "CVE-2013-0882", "CVE-2013-0883", "CVE-2013-0884", "CVE-2013-0885", "CVE-2013-0887", "CVE-2013-0888", "CVE-2013-0889", "CVE-2013-0890", "CVE-2013-0891", "CVE-2013-0892", "CVE-2013-0893", "CVE-2013-0894", "CVE-2013-0895", "CVE-2013-0896", "CVE-2013-0897", "CVE-2013-0898", "CVE-2013-0899", "CVE-2013-0900", "CVE-2013-0902", "CVE-2013-0903", "CVE-2013-0904", "CVE-2013-0905", "CVE-2013-0906", "CVE-2013-0907", "CVE-2013-0908", "CVE-2013-0909", "CVE-2013-0910", "CVE-2013-0911", "CVE-2013-0912", "CVE-2013-0916", "CVE-2013-0917", "CVE-2013-0918", "CVE-2013-0919", "CVE-2013-0920", "CVE-2013-0921", "CVE-2013-0922", "CVE-2013-0923", "CVE-2013-0924", "CVE-2013-0925", "CVE-2013-0926", "CVE-2013-2836", "CVE-2013-2837", "CVE-2013-2838", "CVE-2013-2839", "CVE-2013-2840", "CVE-2013-2841", "CVE-2013-2842", "CVE-2013-2843", "CVE-2013-2844", "CVE-2013-2845", "CVE-2013-2846", "CVE-2013-2847", "CVE-2013-2848", "CVE-2013-2849", "CVE-2013-2853", "CVE-2013-2855", "CVE-2013-2856", "CVE-2013-2857", "CVE-2013-2858", "CVE-2013-2859", "CVE-2013-2860", "CVE-2013-2861", "CVE-2013-2862", "CVE-2013-2863", "CVE-2013-2865", "CVE-2013-2867", "CVE-2013-2868", "CVE-2013-2869", "CVE-2013-2870", "CVE-2013-2871", "CVE-2013-2874", "CVE-2013-2875", "CVE-2013-2876", "CVE-2013-2877", "CVE-2013-2878", "CVE-2013-2879", "CVE-2013-2880", "CVE-2013-2881", "CVE-2013-2882", "CVE-2013-2883", "CVE-2013-2884", "CVE-2013-2885", "CVE-2013-2886", "CVE-2013-2887", "CVE-2013-2900", "CVE-2013-2901", "CVE-2013-2902", "CVE-2013-2903", "CVE-2013-2904", "CVE-2013-2905"], "modified": "2013-09-25T00:00:00", "id": "GLSA-201309-16", "href": "https://security.gentoo.org/glsa/201309-16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:11:44", "description": "Multiple memory corruptions and crossite scripting.", "edition": 2, "cvss3": {}, "published": "2013-06-17T00:00:00", "title": "WebKit / Apple Safari multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1002", "CVE-2013-1005", "CVE-2013-1001", "CVE-2013-1000", "CVE-2013-1003", "CVE-2013-0992", "CVE-2013-0998", "CVE-2013-1004", "CVE-2013-1013", "CVE-2013-0879", "CVE-2013-1012", "CVE-2013-0993", "CVE-2013-0995", "CVE-2013-1007", "CVE-2013-1023", "CVE-2013-0991", "CVE-2013-0926", "CVE-2013-0994", "CVE-2013-1011", "CVE-2013-0997", "CVE-2013-1010", "CVE-2013-0996", "CVE-2013-1006", "CVE-2013-1008", "CVE-2013-0999", "CVE-2013-1009"], "modified": "2013-06-17T00:00:00", "id": "SECURITYVULNS:VULN:13127", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13127", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-06-04-2 Safari 6.0.5\r\n\r\nSafari 6.0.5 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative\r\nCVE-2013-0998 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-0999 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1009 : Apple\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1011 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1023 : Google Chrome Security Team (Inferno)\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\niframes. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Copying and pasting a malicious HTML snippet may lead to a\r\ncross-site scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\ncopied and pasted data in HTML documents. This issue was addressed\r\nthrough additional validation of pasted content.\r\nCVE-ID\r\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\r\n(xysec.com)\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Following a maliciously crafted link could lead to\r\nunexpected behavior on the target site\r\nDescription: XSS Auditor may rewrite URLs to prevent cross-site\r\nscripting attacks. This may lead to a malicious alteration of the\r\nbehavior of a form submission. This issue was addressed through\r\nimproved validation of URLs.\r\nCVE-ID\r\nCVE-2013-1013 : Sam Power of Pentest Limited\r\n\r\n\r\nFor OS X Lion systems Safari 6.0.5 is available via\r\nthe Apple Software Update application.\r\n\r\nFor OS X Mountain Lion systems Safari 6.0.5 is included with\r\nOS X v10.8.4.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRrjeeAAoJEPefwLHPlZEwCm4P/3WseW2DFgYieiAHghpGQ07e\r\n/XuNWzqld4CpXyFUQDkw55DU1Y9dVIIl663rSR0VyXJDB5dMh6iHEBRHX4tarGym\r\nbeZS0cDuakospFtX4MZgcKXu/8cV7b8lq9tzqH0pL419a61Fjhm1eRfDeM3snXkO\r\nkNCRi3nqOCmMroUiY+cJlKHi1x/t+2whISSM3QsIgpU5yyjEU3neMy2TPjuxC48h\r\nXZr9XaDX5cztv0MWCX+jkv+OpYPxVtPxBVw6rPLaX2eg7iwBM6yDbLF5i/4oY06t\r\nHzF2uCk8TlbFdk05Cr7HxmYV2qBei8VkcO1Mc4Ij3v3Q9iiKBRkr+d0CYQ1HSkrY\r\nigfCmfDiEpaKZfzCgwRsVFZ/UhuXTDipTFIzKrZSlbsglVyIQJtKVyyWEZDOKcYL\r\nkKCAS+ep0UyFIyeCCjFknd2hMneMR7a4u2XGJm1VtfRCA+ed3Cr0ROS+O9viGjYi\r\nQcm+2yzlWg9vpfojv+uX+aqh6IsprhfqXuF4ypM6D98IQ3fJqx9a0tVIPniFaLuP\r\nO39M+UGtPLAw7BMiKkb4XyEajKFwJt1pfddWkC1YjKjtyRGf62BDOtY2KqEsyzpF\r\n5nOzM3Vc+3urbur+69oqJLwRwC/PHkh1ym3LjrmqUW7+okckIGCQGt3iUwIWNKhp\r\n2YgKISKdQYxVSfkzkqYY\r\n=jk2e\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2013-06-17T00:00:00", "title": "APPLE-SA-2013-06-04-2 Safari 6.0.5", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1002", "CVE-2013-1005", "CVE-2013-1001", "CVE-2013-1000", "CVE-2013-1003", "CVE-2013-0992", "CVE-2013-0998", "CVE-2013-1004", "CVE-2013-1013", "CVE-2013-0879", "CVE-2013-1012", "CVE-2013-0993", "CVE-2013-0995", "CVE-2013-1007", "CVE-2013-1023", "CVE-2013-0991", "CVE-2013-0926", "CVE-2013-0994", "CVE-2013-1011", "CVE-2013-0997", "CVE-2013-1010", "CVE-2013-0996", "CVE-2013-1006", "CVE-2013-1008", "CVE-2013-0999", "CVE-2013-1009"], "modified": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29465", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29465", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:13", "description": "Multiple vulnerabilities in different system components.", "edition": 2, "cvss3": {}, "published": "2013-12-09T00:00:00", "title": "Apple iPhone / iPad multiple securit vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1045", "CVE-2013-5155", "CVE-2013-1002", "CVE-2013-5131", "CVE-2013-1005", "CVE-2013-5157", "CVE-2013-5154", "CVE-2013-5153", "CVE-2013-1038", "CVE-2013-2842", "CVE-2013-1001", "CVE-2013-1028", "CVE-2012-2871", "CVE-2013-1040", "CVE-2013-5149", "CVE-2013-5140", "CVE-2013-1003", "CVE-2013-3954", "CVE-2013-0992", "CVE-2013-1043", "CVE-2013-5134", "CVE-2013-1044", "CVE-2013-0998", "CVE-2013-5126", "CVE-2013-5125", "CVE-2013-5159", "CVE-2013-1026", "CVE-2013-1004", "CVE-2013-5142", "CVE-2013-5137", "CVE-2012-2825", "CVE-2013-5156", "CVE-2013-2848", "CVE-2013-1019", "CVE-2013-3953", "CVE-2013-1025", "CVE-2013-0879", "CVE-2012-5134", "CVE-2013-1012", "CVE-2013-0993", "CVE-2013-5128", "CVE-2013-1042", "CVE-2013-5160", "CVE-2013-0995", "CVE-2013-1007", "CVE-2013-0991", "CVE-2013-5145", "CVE-2013-5152", "CVE-2013-5161", "CVE-2013-0926", "CVE-2013-5139", "CVE-2013-0994", "CVE-2013-1036", "CVE-2013-1046", "CVE-2013-5138", "CVE-2013-5150", "CVE-2013-0957", "CVE-2013-1037", "CVE-2013-0997", "CVE-2013-5147", "CVE-2013-4616", "CVE-2013-3955", "CVE-2012-2870", "CVE-2013-1010", "CVE-2013-1039", "CVE-2011-3102", "CVE-2013-5151", "CVE-2013-0996", "CVE-2013-5127", "CVE-2012-0841", "CVE-2013-1006", "CVE-2013-5129", "CVE-2013-5141", "CVE-2013-1008", "CVE-2011-2391", "CVE-2013-5158", "CVE-2013-1047", "CVE-2013-0999", "CVE-2012-2807", "CVE-2013-3950"], "modified": "2013-12-09T00:00:00", "id": "SECURITYVULNS:VULN:13297", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13297", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-09-18-2 iOS 7\r\n\r\niOS 7 is now available and addresses the following:\r\n\r\nCertificate Trust Policy\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Root certificates have been updated\r\nDescription: Several certificates were added to or removed from the\r\nlist of system roots.\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JBIG2\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1025 : Felix Groebert of the Google Security Team\r\n\r\nCoreMedia\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of Sorenson\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nData Protection\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Apps could bypass passcode-attempt restrictions\r\nDescription: A privilege separation issue existed in Data\r\nProtection. An app within the third-party sandbox could repeatedly\r\nattempt to determine the user's passcode regardless of the user's\r\n"Erase Data" setting. This issue was addressed by requiring\r\nadditional entitlement checks.\r\nCVE-ID\r\nCVE-2013-0957 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity\r\n\r\nData Security\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: TrustWave, a trusted root CA, has issued, and\r\nsubsequently revoked, a sub-CA certificate from one of its trusted\r\nanchors. This sub-CA facilitated the interception of communications\r\nsecured by Transport Layer Security (TLS). This update added the\r\ninvolved sub-CA certificate to OS X's list of untrusted certificates.\r\nCVE-ID\r\nCVE-2013-5134\r\n\r\ndyld\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker who has arbitrary code execution on a device may\r\nbe able to persist code execution across reboots\r\nDescription: Multiple buffer overflows existed in dyld's\r\nopenSharedCacheFile() function. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2013-3950 : Stefan Esser\r\n\r\nFile Systems\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker who can mount a non-HFS filesystem may be able\r\nto cause an unexpected system termination or arbitrary code execution\r\nwith kernel privileges\r\nDescription: A memory corruption issue existed in the handling of\r\nAppleDouble files. This issue was addressed by removing support for\r\nAppleDouble files.\r\nCVE-ID\r\nCVE-2013-3955 : Stefan Esser\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1026 : Felix Groebert of the Google Security Team\r\n\r\nIOKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Background applications could inject user interface events\r\ninto the foreground app\r\nDescription: It was possible for background applications to inject\r\nuser interface events into the foreground application using the task\r\ncompletion or VoIP APIs. This issue was addressed by enforcing access\r\ncontrols on foreground and background processes that handle interface\r\nevents.\r\nCVE-ID\r\nCVE-2013-5137 : Mackenzie Straight at Mobile Labs\r\n\r\nIOKitUser\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious local application could cause an unexpected\r\nsystem termination\r\nDescription: A null pointer dereference existed in IOCatalogue.\r\nThe issue was addressed through additional type checking.\r\nCVE-ID\r\nCVE-2013-5138 : Will Estes\r\n\r\nIOSerialFamily\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: An out of bounds array access existed in the\r\nIOSerialFamily driver. This issue was addressed through additional\r\nbounds checking.\r\nCVE-ID\r\nCVE-2013-5139 : @dent1zt\r\n\r\nIPSec\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may intercept data protected with IPSec Hybrid\r\nAuth\r\nDescription: The DNS name of an IPSec Hybrid Auth server was not\r\nbeing matched against the certificate, allowing an attacker with a\r\ncertificate for any server to impersonate any other. This issue was\r\naddressed by improved certificate checking.\r\nCVE-ID\r\nCVE-2013-1028 : Alexander Traud of www.traud.de\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker can cause a device to unexpectedly restart\r\nDescription: Sending an invalid packet fragment to a device can\r\ncause a kernel assert to trigger, leading to a device restart. The\r\nissue was addressed through additional validation of packet\r\nfragments.\r\nCVE-ID\r\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\r\nresearcher working with CERT-FI, Antti LevomAki and Lauri Virtanen\r\nof Vulnerability Analysis Group, Stonesoft\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious local application could cause device hang\r\nDescription: An integer truncation vulnerability in the kernel\r\nsocket interface could be leveraged to force the CPU into an infinite\r\nloop. The issue was addressed by using a larger sized variable.\r\nCVE-ID\r\nCVE-2013-5141 : CESG\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker on a local network can cause a denial of service\r\nDescription: An attacker on a local network can send specially\r\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\r\naddressed by rate limiting ICMP packets before verifying their\r\nchecksum.\r\nCVE-ID\r\nCVE-2011-2391 : Marc Heuse\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Kernel stack memory may be disclosed to local users\r\nDescription: An information disclosure issue existed in the msgctl\r\nand segctl APIs. This issue was addressed by initializing data\r\nstructures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unprivileged processes could get access to the contents of\r\nkernel memory which could lead to privilege escalation\r\nDescription: An information disclosure issue existed in the\r\nmach_port_space_info API. This issue was addressed by initializing\r\nthe iin_collision field in structures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-3953 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unprivileged processes may be able to cause an unexpected\r\nsystem termination or arbitrary code execution in the kernel\r\nDescription: A memory corruption issue existed in the handling of\r\narguments to the posix_spawn API. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-3954 : Stefan Esser\r\n\r\nKext Management\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An unauthorized process may modify the set of loaded kernel\r\nextensions\r\nDescription: An issue existed in kextd's handling of IPC messages\r\nfrom unauthenticated senders. This issue was addressed by adding\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2013-5145 : "Rainbow PRISM"\r\n\r\nlibxml\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxml.\r\nThese issues were addressed by updating libxml to version 2.9.0.\r\nCVE-ID\r\nCVE-2011-3102 : Juri Aedla\r\nCVE-2012-0841\r\nCVE-2012-2807 : Juri Aedla\r\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\r\n\r\nlibxslt\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxslt.\r\nThese issues were addressed by updating libxslt to version 1.1.28.\r\nCVE-ID\r\nCVE-2012-2825 : Nicolas Gregoire\r\nCVE-2012-2870 : Nicolas Gregoire\r\nCVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas\r\nGregoire\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A race condition issue existed in the handling of phone\r\ncalls and SIM card ejection at the lock screen. This issue was\r\naddressed through improved lock state management.\r\nCVE-ID\r\nCVE-2013-5147 : videosdebarraquito\r\n\r\nPersonal Hotspot\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may be able to join a Personal Hotspot network\r\nDescription: An issue existed in the generation of Personal Hotspot\r\npasswords, resulting in passwords that could be predicted by an\r\nattacker to join a user's Personal Hotspot. The issue was addressed\r\nby generating passwords with higher entropy.\r\nCVE-ID\r\nCVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz\r\nof University Erlangen-Nuremberg\r\n\r\nPush Notifications\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: The push notification token may be disclosed to an app\r\ncontrary to the user's decision\r\nDescription: An information disclosure issue existed in push\r\nnotification registration. Apps requesting access to the push\r\nnotification access received the token before the user approved the\r\napp's use of push notifications. This issue was addressed by\r\nwithholding access to the token until the user has approved access.\r\nCVE-ID\r\nCVE-2013-5149 : Jack Flintermann of Grouper, Inc.\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nXML files. This issue was addressed through additional bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: History of pages recently visited in an open tab may remain\r\nafter clearing of history\r\nDescription: Clearing Safari's history did not clear the\r\nback/forward history for open tabs. This issue was addressed by\r\nclearing the back/forward history.\r\nCVE-ID\r\nCVE-2013-5150\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing files on a website may lead to script execution even\r\nwhen the server sends a 'Content-Type: text/plain' header\r\nDescription: Mobile Safari sometimes treated files as HTML files\r\neven when the server sent a 'Content-Type: text/plain' header. This\r\nmay lead to cross-site scripting on sites that allow users to upload\r\nfiles. This issue was addressed through improved handling of files\r\nwhen 'Content-Type: text/plain' is set.\r\nCVE-ID\r\nCVE-2013-5151 : Ben Toews of Github\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may allow an arbitrary URL to\r\nbe displayed\r\nDescription: A URL bar spoofing issue existed in Mobile Safari. This\r\nissue was addressed through improved URL tracking.\r\nCVE-ID\r\nCVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS\r\n\r\nSandbox\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Applications that are scripts were not sandboxed\r\nDescription: Third-party applications which used the #! syntax to\r\nrun a script were sandboxed based on the identity of the script\r\ninterpreter, not the script. The interpreter may not have a sandbox\r\ndefined, leading to the application being run unsandboxed. This issue\r\nwas addressed by creating the sandbox based on the identity of the\r\nscript.\r\nCVE-ID\r\nCVE-2013-5154 : evad3rs\r\n\r\nSandbox\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Applications can cause a system hang\r\nDescription: Malicious third-party applications that wrote specific\r\nvalues to the /dev/random device could force the CPU to enter an\r\ninfinite loop. This issue was addressed by preventing third-party\r\napplications from writing to /dev/random.\r\nCVE-ID\r\nCVE-2013-5155 : CESG\r\n\r\nSocial\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Users recent Twitter activity could be disclosed on devices\r\nwith no passcode.\r\nDescription: An issue existed where it was possible to determine\r\nwhat Twitter accounts a user had recently interacted with. This issue\r\nwas resolved by restricting access to the Twitter icon cache.\r\nCVE-ID\r\nCVE-2013-5158 : Jonathan Zdziarski\r\n\r\nSpringboard\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to a device in Lost Mode may\r\nbe able to view notifications\r\nDescription: An issue existed in the handling of notifications when\r\na device is in Lost Mode. This update addresses the issue with\r\nimproved lock state management.\r\nCVE-ID\r\nCVE-2013-5153 : Daniel Stangroom\r\n\r\nTelephony\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Malicious apps could interfere with or control telephony\r\nfunctionality\r\nDescription: An access control issue existed in the telephony\r\nsubsystem. Bypassing supported APIs, sandboxed apps could make\r\nrequests directly to a system daemon interfering with or controlling\r\ntelephony functionality. This issue was addressed by enforcing access\r\ncontrols on interfaces exposed by the telephony daemon.\r\nCVE-ID\r\nCVE-2013-5156 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\r\nLee from the Georgia Institute of Technology\r\n\r\nTwitter\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Sandboxed apps could send tweets without user interaction or\r\npermission\r\nDescription: An access control issue existed in the Twitter\r\nsubsystem. Bypassing supported APIs, sandboxed apps could make\r\nrequests directly to a system daemon interfering with or controlling\r\nTwitter functionality. This issue was addressed by enforcing access\r\ncontrols on interfaces exposed by the Twitter daemon.\r\nCVE-ID\r\nCVE-2013-5157 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\r\nLee from the Georgia Institute of Technology\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative\r\nCVE-2013-0998 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-0999 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1037 : Google Chrome Security Team\r\nCVE-2013-1038 : Google Chrome Security Team\r\nCVE-2013-1039 : own-hero Research working with iDefense VCP\r\nCVE-2013-1040 : Google Chrome Security Team\r\nCVE-2013-1041 : Google Chrome Security Team\r\nCVE-2013-1042 : Google Chrome Security Team\r\nCVE-2013-1043 : Google Chrome Security Team\r\nCVE-2013-1044 : Apple\r\nCVE-2013-1045 : Google Chrome Security Team\r\nCVE-2013-1046 : Google Chrome Security Team\r\nCVE-2013-1047 : miaubiz\r\nCVE-2013-2842 : Cyril Cattiaux\r\nCVE-2013-5125 : Google Chrome Security Team\r\nCVE-2013-5126 : Apple\r\nCVE-2013-5127 : Google Chrome Security Team\r\nCVE-2013-5128 : Apple\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to information\r\ndisclosure\r\nDescription: An information disclosure issue existed in the handling\r\nof the window.webkitRequestAnimationFrame() API. A maliciously\r\ncrafted website could use an iframe to determine if another site used\r\nwindow.webkitRequestAnimationFrame(). This issue was addressed\r\nthrough improved handling of window.webkitRequestAnimationFrame().\r\nCVE-ID\r\nCVE-2013-5159\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Copying and pasting a malicious HTML snippet may lead to a\r\ncross-site scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\ncopied and pasted data in HTML documents. This issue was addressed\r\nthrough additional validation of pasted content.\r\nCVE-ID\r\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\r\n(xysec.com)\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\niframes. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: An information disclosure issue existed in XSSAuditor.\r\nThis issue was addressed through improved handling of URLs.\r\nCVE-ID\r\nCVE-2013-2848 : Egor Homakov\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Dragging or pasting a selection may lead to a cross-site\r\nscripting attack\r\nDescription: Dragging or pasting a selection from one site to\r\nanother may allow scripts contained in the selection to be executed\r\nin the context of the new site. This issue is addressed through\r\nadditional validation of content before a paste or a drag and drop\r\noperation.\r\nCVE-ID\r\nCVE-2013-5129 : Mario Heiderich\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\nURLs. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5131 : Erling A Ellingsen\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "7.0".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN\r\n0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e\r\nGoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2\r\nTyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni\r\n5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK\r\nibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT\r\nKXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG\r\nQthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY\r\nI2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz\r\nKf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt\r\nSCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR\r\nGowSVGG+cJtvrngVhy3E\r\n=dNVy\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2013-10-01T00:00:00", "title": "APPLE-SA-2013-09-18-2 iOS 7", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-1045", "CVE-2013-5155", "CVE-2013-1002", "CVE-2013-5131", "CVE-2013-1005", "CVE-2013-5157", "CVE-2013-5154", "CVE-2013-5153", "CVE-2013-1038", "CVE-2013-2842", "CVE-2013-1001", "CVE-2013-1028", "CVE-2012-2871", "CVE-2013-1040", "CVE-2013-5149", "CVE-2013-1000", "CVE-2013-5140", "CVE-2013-1003", "CVE-2013-3954", "CVE-2013-0992", "CVE-2013-1043", "CVE-2013-5134", "CVE-2013-1044", "CVE-2013-0998", "CVE-2013-5126", "CVE-2013-5125", "CVE-2013-5159", "CVE-2013-1026", "CVE-2013-1004", "CVE-2013-5142", "CVE-2013-5137", "CVE-2012-2825", "CVE-2013-5156", "CVE-2013-2848", "CVE-2013-1019", "CVE-2013-3953", "CVE-2013-1025", "CVE-2013-0879", "CVE-2012-5134", "CVE-2013-1012", "CVE-2013-0993", "CVE-2013-5128", "CVE-2013-1042", "CVE-2013-0995", "CVE-2013-1007", "CVE-2013-0991", "CVE-2013-5145", "CVE-2013-5152", "CVE-2013-0926", "CVE-2013-5139", "CVE-2013-0994", "CVE-2013-1036", "CVE-2013-1046", "CVE-2013-1041", "CVE-2013-5138", "CVE-2013-5150", "CVE-2013-0957", "CVE-2013-1037", "CVE-2013-0997", "CVE-2013-5147", "CVE-2013-4616", "CVE-2013-3955", "CVE-2012-2870", "CVE-2013-1010", "CVE-2013-1039", "CVE-2011-3102", "CVE-2013-5151", "CVE-2013-0996", "CVE-2013-5127", "CVE-2012-0841", "CVE-2013-1006", "CVE-2013-5129", "CVE-2013-5141", "CVE-2013-1008", "CVE-2011-2391", "CVE-2013-5158", "CVE-2013-1047", "CVE-2013-0999", "CVE-2012-2807", "CVE-2013-3950"], "modified": "2013-10-01T00:00:00", "id": "SECURITYVULNS:DOC:29840", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29840", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
