{"id": "OPENVAS:1361412562310873418", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for synfig FEDORA-2017-3a568adb31", "description": "The remote host is missing an update for the ", "published": "2017-09-20T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873418", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-3a568adb31", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAJ6JCP4KCFYPKYQRD5LMS3KCIWQOX6Q"], "cvelist": ["CVE-2017-14482"], "lastseen": "2019-05-29T18:34:27", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-912"]}, {"type": "canvas", "idList": ["EMACS_ENRICHED"]}, {"type": "centos", "idList": ["CESA-2017:2771"]}, {"type": "cve", "idList": ["CVE-2017-14482"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1101-1:035BC", "DEBIAN:DLA-1101-1:5C0E3", "DEBIAN:DSA-3975-1:C2508"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14482"]}, {"type": "fedora", "idList": ["FEDORA:058EA6042D48", "FEDORA:12FD4601BFE7", "FEDORA:182076042D48", "FEDORA:1CBDB6048D20", "FEDORA:236CA6045A3D", "FEDORA:24A59601CFB7", "FEDORA:2564C6045A3D", "FEDORA:25F726048D32", "FEDORA:3029F608764A", "FEDORA:51A3B6021748", "FEDORA:5E5036045A3D", "FEDORA:681616021748", "FEDORA:7BCCA6021748", "FEDORA:84AF9601CFB7", "FEDORA:8A785601CFB7", "FEDORA:99654601BFE7", "FEDORA:99894601BFE7", "FEDORA:9AE226048D4F", "FEDORA:9B96A6045A2E", "FEDORA:9FBE76048715", "FEDORA:A6C306048D20", "FEDORA:A799B624C7EA", "FEDORA:A920B601BFE7", "FEDORA:DB9E7601D70C", "FEDORA:DD0C6601CFB7"]}, {"type": "gentoo", "idList": ["GLSA-201801-07"]}, {"type": "ibm", "idList": ["A4C654494872F1C77A9448C5649718FA21C36FD40C6CD59858CF99AB50D14F6D"]}, {"type": "mageia", "idList": ["MGASA-2017-0476"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-912.NASL", "CENTOS_RHSA-2017-2771.NASL", "DEBIAN_DLA-1101.NASL", "DEBIAN_DSA-3970.NASL", "DEBIAN_DSA-3975.NASL", "EULEROS_SA-2017-1235.NASL", "EULEROS_SA-2017-1236.NASL", "EULEROS_SA-2019-1381.NASL", "FEDORA_2017-36893B0EA3.NASL", "FEDORA_2017-3A568ADB31.NASL", "FEDORA_2017-A1DC0EF38C.NASL", "GENTOO_GLSA-201801-07.NASL", "OPENSUSE-2017-1078.NASL", "ORACLELINUX_ELSA-2017-2771.NASL", "REDHAT-RHSA-2017-2771.NASL", "SL_20170919_EMACS_ON_SL7_X.NASL", "SUSE_SU-2017-2529-1.NASL", "SUSE_SU-2017-2532-1.NASL", "UBUNTU_USN-3427-1.NASL", "UBUNTU_USN-3428-1.NASL", "VIRTUOZZO_VZLSA-2017-2771.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703970", "OPENVAS:1361412562310703975", "OPENVAS:1361412562310811785", "OPENVAS:1361412562310843730", "OPENVAS:1361412562310843794", "OPENVAS:1361412562310851621", "OPENVAS:1361412562310873387", "OPENVAS:1361412562310873388", "OPENVAS:1361412562310873389", "OPENVAS:1361412562310873393", "OPENVAS:1361412562310873395", "OPENVAS:1361412562310873396", "OPENVAS:1361412562310873397", "OPENVAS:1361412562310873401", "OPENVAS:1361412562310873402", "OPENVAS:1361412562310873405", "OPENVAS:1361412562310873406", "OPENVAS:1361412562310873411", "OPENVAS:1361412562310873415", "OPENVAS:1361412562310873416", "OPENVAS:1361412562310873421", "OPENVAS:1361412562310873423", "OPENVAS:1361412562310873426", "OPENVAS:1361412562310873428", "OPENVAS:1361412562310873430", "OPENVAS:1361412562310873433", "OPENVAS:1361412562310873435", "OPENVAS:1361412562310873439", "OPENVAS:1361412562310873440", "OPENVAS:1361412562310882770", "OPENVAS:1361412562310891101", "OPENVAS:1361412562311220171235", "OPENVAS:1361412562311220171236", "OPENVAS:1361412562311220191381"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2771"]}, {"type": "osv", "idList": ["OSV:DLA-1101-1", "OSV:DSA-3970-1", "OSV:DSA-3975-1"]}, {"type": "redhat", "idList": ["RHSA-2017:2771"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-14482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2535-1", "SUSE-SU-2017:2529-1", "SUSE-SU-2017:2532-1"]}, {"type": "ubuntu", "idList": ["USN-3427-1", "USN-3428-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14482"]}]}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-912"]}, {"type": "canvas", "idList": ["EMACS_ENRICHED"]}, {"type": "centos", "idList": ["CESA-2017:2771"]}, {"type": "cve", "idList": ["CVE-2017-14482"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1101-1:5C0E3", "DEBIAN:DSA-3975-1:C2508"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14482"]}, {"type": "fedora", "idList": ["FEDORA:058EA6042D48", "FEDORA:12FD4601BFE7", "FEDORA:182076042D48", "FEDORA:1CBDB6048D20", "FEDORA:236CA6045A3D", "FEDORA:24A59601CFB7", "FEDORA:2564C6045A3D", "FEDORA:25F726048D32", "FEDORA:3029F608764A", "FEDORA:51A3B6021748", "FEDORA:5E5036045A3D", "FEDORA:681616021748", "FEDORA:7BCCA6021748", "FEDORA:84AF9601CFB7", "FEDORA:8A785601CFB7", "FEDORA:99654601BFE7", "FEDORA:99894601BFE7", "FEDORA:9AE226048D4F", "FEDORA:9B96A6045A2E", "FEDORA:9FBE76048715", "FEDORA:A6C306048D20", "FEDORA:A799B624C7EA", "FEDORA:A920B601BFE7", "FEDORA:DB9E7601D70C", "FEDORA:DD0C6601CFB7"]}, {"type": "gentoo", "idList": ["GLSA-201801-07"]}, {"type": "ibm", "idList": ["A4C654494872F1C77A9448C5649718FA21C36FD40C6CD59858CF99AB50D14F6D"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-912.NASL", "CENTOS_RHSA-2017-2771.NASL", "DEBIAN_DLA-1101.NASL", "DEBIAN_DSA-3970.NASL", "DEBIAN_DSA-3975.NASL", "EULEROS_SA-2017-1235.NASL", "EULEROS_SA-2017-1236.NASL", "FEDORA_2017-A1DC0EF38C.NASL", "GENTOO_GLSA-201801-07.NASL", "OPENSUSE-2017-1078.NASL", "ORACLELINUX_ELSA-2017-2771.NASL", "REDHAT-RHSA-2017-2771.NASL", "SL_20170919_EMACS_ON_SL7_X.NASL", "SUSE_SU-2017-2529-1.NASL", "SUSE_SU-2017-2532-1.NASL", "UBUNTU_USN-3427-1.NASL", "UBUNTU_USN-3428-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703970", "OPENVAS:1361412562310703975", "OPENVAS:1361412562310811785", "OPENVAS:1361412562310851621", "OPENVAS:1361412562310873387", "OPENVAS:1361412562310873388", "OPENVAS:1361412562310873389", "OPENVAS:1361412562310873393", "OPENVAS:1361412562310873395", "OPENVAS:1361412562310873396", "OPENVAS:1361412562310873397", "OPENVAS:1361412562310873401", "OPENVAS:1361412562310873402", "OPENVAS:1361412562310873405", "OPENVAS:1361412562310873406", "OPENVAS:1361412562310873411", "OPENVAS:1361412562310873415", "OPENVAS:1361412562310873416", "OPENVAS:1361412562310873421", "OPENVAS:1361412562310873423", "OPENVAS:1361412562310873426", "OPENVAS:1361412562310873428", "OPENVAS:1361412562310873430", "OPENVAS:1361412562310873433", "OPENVAS:1361412562310873435", "OPENVAS:1361412562310873439", "OPENVAS:1361412562310873440", "OPENVAS:1361412562310882770", "OPENVAS:1361412562310891101"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2771"]}, {"type": "redhat", "idList": ["RHSA-2017:2771"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-14482"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2535-1", "SUSE-SU-2017:2529-1", "SUSE-SU-2017:2532-1"]}, {"type": "ubuntu", "idList": ["USN-3427-1", "USN-3428-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14482"]}]}, "exploitation": null, "vulnersScore": -0.2}, "pluginID": "1361412562310873418", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_synfig_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfig FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873418\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:44:22 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfig FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfig'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfig on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NAJ6JCP4KCFYPKYQRD5LMS3KCIWQOX6Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfig\", rpm:\"synfig~1.2.0~1.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659994789, "score": 1659977468}, "_internal": {"score_hash": "e96329d975297fc073a7f083f97f36f6"}}
{"nessus": [{"lastseen": "2022-07-11T18:51:10", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "Debian DSA-3970-1 : emacs24 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:emacs24:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-3970.NASL", "href": "https://www.tenable.com/plugins/nessus/103147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3970. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103147);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"DSA\", value:\"3970\");\n\n script_name(english:\"Debian DSA-3970-1 : emacs24 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/emacs24\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/emacs24\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3970\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the emacs24 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 24.4+1-5+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 24.5+1-11+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"emacs24\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-bin-common\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-common\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-el\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-lucid\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-lucid-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-nox\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"emacs24-nox-dbg\", reference:\"24.4+1-5+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-bin-common\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-common\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-el\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-lucid\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-lucid-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-nox\", reference:\"24.5+1-11+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs24-nox-dbg\", reference:\"24.5+1-11+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-11T18:51:24", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-18T00:00:00", "type": "nessus", "title": "Debian DSA-3975-1 : emacs25 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:emacs25:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-3975.NASL", "href": "https://www.tenable.com/plugins/nessus/103260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3975. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103260);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"DSA\", value:\"3975\");\n\n script_name(english:\"Debian DSA-3975-1 : emacs25 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/emacs25\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3975\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the emacs25 packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs25\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"emacs25\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-bin-common\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-common\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-dbg\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-el\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-lucid\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-lucid-dbg\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-nox\", reference:\"25.1+1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"emacs25-nox-dbg\", reference:\"25.1+1-4+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:23", "description": "From Red Hat Security Advisory 2017:2771 :\n\nAn update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : emacs (ELSA-2017-2771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:emacs", "p-cpe:/a:oracle:linux:emacs-common", "p-cpe:/a:oracle:linux:emacs-el", "p-cpe:/a:oracle:linux:emacs-filesystem", "p-cpe:/a:oracle:linux:emacs-nox", "p-cpe:/a:oracle:linux:emacs-terminal", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/103347", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2771 and \n# Oracle Linux Security Advisory ELSA-2017-2771 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103347);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"RHSA\", value:\"2017:2771\");\n\n script_name(english:\"Oracle Linux 7 : emacs (ELSA-2017-2771)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2771 :\n\nAn update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-September/007210.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-el-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-filesystem-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"emacs-terminal-24.3-20.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-el / emacs-filesystem / emacs-nox / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:25", "description": "rhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-14T00:00:00", "type": "nessus", "title": "Fedora 26 : 1:emacs (2017-a1dc0ef38c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-A1DC0EF38C.NASL", "href": "https://www.tenable.com/plugins/nessus/103200", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a1dc0ef38c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103200);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"FEDORA\", value:\"2017-a1dc0ef38c\");\n\n script_name(english:\"Fedora 26 : 1:emacs (2017-a1dc0ef38c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"rhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1dc0ef38c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:emacs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"emacs-25.3-1.fc26\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:30:25", "description": "An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : emacs / emacs-common / emacs-el / emacs-filesystem / etc (VZLSA-2017-2771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:emacs", "p-cpe:/a:virtuozzo:virtuozzo:emacs-common", "p-cpe:/a:virtuozzo:virtuozzo:emacs-el", "p-cpe:/a:virtuozzo:virtuozzo:emacs-filesystem", "p-cpe:/a:virtuozzo:virtuozzo:emacs-nox", "p-cpe:/a:virtuozzo:virtuozzo:emacs-terminal", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/119225", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119225);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"Virtuozzo 7 : emacs / emacs-common / emacs-el / emacs-filesystem / etc (VZLSA-2017-2771)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2771.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da71d2f6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2771\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs / emacs-common / emacs-el / emacs-filesystem / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-24.3-20.vl7\",\n \"emacs-common-24.3-20.vl7\",\n \"emacs-el-24.3-20.vl7\",\n \"emacs-filesystem-24.3-20.vl7\",\n \"emacs-nox-24.3-20.vl7\",\n \"emacs-terminal-24.3-20.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-el / emacs-filesystem / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:26", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : emacs24 vulnerability (USN-3427-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:emacs24", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3427-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103417", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3427-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103417);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"USN\", value:\"3427-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : emacs24 vulnerability (USN-3427-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3427-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs24 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:emacs24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"emacs24\", pkgver:\"24.3+1-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"emacs24\", pkgver:\"24.5+1-6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs24\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:23", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain files. If a user were tricked into opening a specially crafted file (e.g., email messages in gnus), an attacker could possibly use this to execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : emacs25 vulnerability (USN-3428-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:emacs25", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3428-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3428-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103418);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"USN\", value:\"3428-1\");\n\n script_name(english:\"Ubuntu 17.04 : emacs25 vulnerability (USN-3428-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file\n(e.g., email messages in gnus), an attacker could possibly use this to\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3428-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs25 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:emacs25\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"emacs25\", pkgver:\"25.1+1-3ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs25\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:19", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Debian DLA-1101-1 : emacs23 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:emacs23", "p-cpe:/a:debian:debian_linux:emacs23-bin-common", "p-cpe:/a:debian:debian_linux:emacs23-common", "p-cpe:/a:debian:debian_linux:emacs23-el", "p-cpe:/a:debian:debian_linux:emacs23-lucid", "p-cpe:/a:debian:debian_linux:emacs23-nox", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1101.NASL", "href": "https://www.tenable.com/plugins/nessus/103388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1101-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103388);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"Debian DLA-1101-1 : emacs23 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary\ncode execution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/emacs23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-bin-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-lucid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:emacs23-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"emacs23\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-bin-common\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-common\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-el\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-lucid\", reference:\"23.4+1-4+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"emacs23-nox\", reference:\"23.4+1-4+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:03:54", "description": "Command injection flaw within 'enriched mode' handling :\n\nA command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : emacs (ALAS-2017-912)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:emacs", "p-cpe:/a:amazon:linux:emacs-common", "p-cpe:/a:amazon:linux:emacs-debuginfo", "p-cpe:/a:amazon:linux:emacs-el", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-912.NASL", "href": "https://www.tenable.com/plugins/nessus/103825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-912.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103825);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"ALAS\", value:\"2017-912\");\n\n script_name(english:\"Amazon Linux AMI : emacs (ALAS-2017-912)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Command injection flaw within 'enriched mode' handling :\n\nA command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-912.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update emacs' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"emacs-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-common-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-debuginfo-24.3-20.22.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"emacs-el-24.3-20.22.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-debuginfo / emacs-el\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:18", "description": "Rebuilt against new ImageMagick\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : 1:emacs (2017-36893b0ea3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-36893B0EA3.NASL", "href": "https://www.tenable.com/plugins/nessus/105856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-36893b0ea3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105856);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"FEDORA\", value:\"2017-36893b0ea3\");\n\n script_name(english:\"Fedora 27 : 1:emacs (2017-36893b0ea3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebuilt against new ImageMagick\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-36893b0ea3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:emacs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"emacs-25.3-3.fc27\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:25:12", "description": "The remote host is affected by the vulnerability described in GLSA-201801-07 (GNU Emacs: Command injection)\n\n A command injection flaw within the Emacs “enriched mode” handling has been discovered.\n Impact :\n\n A remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the privileges of process.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "GLSA-201801-07 : GNU Emacs: Command injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:emacs", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201801-07.NASL", "href": "https://www.tenable.com/plugins/nessus/105633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201801-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105633);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"GLSA\", value:\"201801-07\");\n\n script_name(english:\"GLSA-201801-07 : GNU Emacs: Command injection\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201801-07\n(GNU Emacs: Command injection)\n\n A command injection flaw within the Emacs “enriched mode” handling\n has been discovered.\n \nImpact :\n\n A remote attacker, by enticing a user to open a specially crafted file,\n could execute arbitrary commands with the privileges of process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201801-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU Emacs 23.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/emacs-23.4-r16:23'\n All GNU Emacs 24.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/emacs-24.5-r4:24'\n All GNU Emacs 25.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/emacs-25.2-r1:25'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-editors/emacs\", unaffected:make_list(\"ge 23.4-r16\", \"ge 24.5-r4\", \"ge 25.2-r1\"), vulnerable:make_list(\"lt 23.4-r16\", \"lt 24.5-r4\", \"lt 25.2-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GNU Emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:19", "description": "Security Fix(es) :\n\n - A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : emacs on SL7.x x86_64 (20170919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:emacs", "p-cpe:/a:fermilab:scientific_linux:emacs-common", "p-cpe:/a:fermilab:scientific_linux:emacs-debuginfo", "p-cpe:/a:fermilab:scientific_linux:emacs-el", "p-cpe:/a:fermilab:scientific_linux:emacs-filesystem", "p-cpe:/a:fermilab:scientific_linux:emacs-nox", "p-cpe:/a:fermilab:scientific_linux:emacs-terminal", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170919_EMACS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103353);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"Scientific Linux Security Update : emacs on SL7.x x86_64 (20170919)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of the\n Emacs user. (CVE-2017-14482)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1709&L=scientific-linux-errata&F=&S=&P=1762\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?042a5a74\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-el-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-filesystem-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-terminal-24.3-20.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-debuginfo / emacs-el / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:19", "description": "An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "RHEL 7 : emacs (RHSA-2017:2771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:emacs", "p-cpe:/a:redhat:enterprise_linux:emacs-common", "p-cpe:/a:redhat:enterprise_linux:emacs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:emacs-el", "p-cpe:/a:redhat:enterprise_linux:emacs-filesystem", "p-cpe:/a:redhat:enterprise_linux:emacs-nox", "p-cpe:/a:redhat:enterprise_linux:emacs-terminal", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/103352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2771. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103352);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"RHSA\", value:\"2017:2771\");\n\n script_name(english:\"RHEL 7 : emacs (RHSA-2017:2771)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14482\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2771\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-debuginfo-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-el-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-filesystem-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"emacs-terminal-24.3-20.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-debuginfo / emacs-el / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:19", "description": "An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "CentOS 7 : emacs (CESA-2017:2771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:emacs", "p-cpe:/a:centos:centos:emacs-common", "p-cpe:/a:centos:centos:emacs-el", "p-cpe:/a:centos:centos:emacs-filesystem", "p-cpe:/a:centos:centos:emacs-nox", "p-cpe:/a:centos:centos:emacs-terminal", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/103362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2771 and \n# CentOS Errata and Security Advisory 2017:2771 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103362);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-14482\");\n script_xref(name:\"RHSA\", value:\"2017:2771\");\n\n script_name(english:\"CentOS 7 : emacs (CESA-2017:2771)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for emacs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGNU Emacs is a powerful, customizable, self-documenting text editor.\nIt provides special code editing features, a scripting language\n(elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es) :\n\n* A command injection flaw within the Emacs 'enriched mode' handling\nhas been discovered. By tricking an unsuspecting user into opening a\nspecially crafted file using Emacs, a remote attacker could exploit\nthis flaw to execute arbitrary commands with the privileges of the\nEmacs user. (CVE-2017-14482)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-September/022541.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ada4ce14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14482\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:emacs-terminal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-common-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-el-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-filesystem-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-nox-24.3-20.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"emacs-terminal-24.3-20.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-common / emacs-el / emacs-filesystem / emacs-nox / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:25", "description": "This update for emacs fixes one issues. This security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : emacs (SUSE-SU-2017:2529-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:emacs", "p-cpe:/a:novell:suse_linux:emacs-debuginfo", "p-cpe:/a:novell:suse_linux:emacs-debugsource", "p-cpe:/a:novell:suse_linux:emacs-nox", "p-cpe:/a:novell:suse_linux:emacs-nox-debuginfo", "p-cpe:/a:novell:suse_linux:emacs-x11", "p-cpe:/a:novell:suse_linux:emacs-x11-debuginfo", "p-cpe:/a:novell:suse_linux:etags", "p-cpe:/a:novell:suse_linux:etags-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2529-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2529-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103369);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : emacs (SUSE-SU-2017:2529-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for emacs fixes one issues. This security issue was \nfixed :\n\n - CVE-2017-14482: Remote code execution via mails with\n 'Content-Type: text/enriched' (bsc#1058425)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14482/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172529-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82add21c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1565=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1565=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1565=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1565=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1565=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1565=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1565=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1565=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1565=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-nox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:etags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:etags-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-nox-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-nox-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-nox-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-nox-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-nox-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-nox-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-nox-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-nox-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"emacs-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"emacs-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"emacs-debugsource-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"emacs-x11-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"emacs-x11-debuginfo-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"etags-24.3-25.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"etags-debuginfo-24.3-25.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:33", "description": "This update for emacs fixes one issues.\n\nThis security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : emacs (openSUSE-2017-1078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:emacs", "p-cpe:/a:novell:opensuse:emacs-debuginfo", "p-cpe:/a:novell:opensuse:emacs-debugsource", "p-cpe:/a:novell:opensuse:emacs-el", "p-cpe:/a:novell:opensuse:emacs-info", "p-cpe:/a:novell:opensuse:emacs-nox", "p-cpe:/a:novell:opensuse:emacs-nox-debuginfo", "p-cpe:/a:novell:opensuse:emacs-x11", "p-cpe:/a:novell:opensuse:emacs-x11-debuginfo", "p-cpe:/a:novell:opensuse:etags", "p-cpe:/a:novell:opensuse:etags-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1078.NASL", "href": "https://www.tenable.com/plugins/nessus/103368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1078.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103368);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"openSUSE Security Update : emacs (openSUSE-2017-1078)\");\n script_summary(english:\"Check for the openSUSE-2017-1078 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for emacs fixes one issues.\n\nThis security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with\n 'Content-Type: text/enriched' (bsc#1058425)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058425\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected emacs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-nox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:emacs-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:etags\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:etags-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-debugsource-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-el-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-info-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-nox-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-nox-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-x11-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"emacs-x11-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"etags-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"etags-debuginfo-24.3-24.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-debugsource-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-el-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-info-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-nox-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-nox-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-x11-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"emacs-x11-debuginfo-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"etags-24.3-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"etags-debuginfo-24.3-28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs / emacs-debuginfo / emacs-debugsource / emacs-el / emacs-info / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:33", "description": "This update for emacs fixes one issues. This security issue was fixed :\n\n - CVE-2017-14482: Remote code execution via mails with 'Content-Type: text/enriched' (bsc#1058425)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : emacs (SUSE-SU-2017:2532-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:emacs", "p-cpe:/a:novell:suse_linux:emacs-el", "p-cpe:/a:novell:suse_linux:emacs-info", "p-cpe:/a:novell:suse_linux:emacs-nox", "p-cpe:/a:novell:suse_linux:emacs-x11", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2532-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2532-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103370);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-14482\");\n\n script_name(english:\"SUSE SLES11 Security Update : emacs (SUSE-SU-2017:2532-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for emacs fixes one issues. This security issue was \nfixed :\n\n - CVE-2017-14482: Remote code execution via mails with\n 'Content-Type: text/enriched' (bsc#1058425)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14482/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172532-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cdb7c10a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-emacs-13285=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-emacs-13285=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-emacs-13285=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-emacs-13285=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-emacs-13285=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-emacs-13285=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-info\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:emacs-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"emacs-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"emacs-el-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"emacs-info-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"emacs-nox-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"emacs-x11-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"emacs-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"emacs-el-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"emacs-info-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"emacs-nox-22.3-42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"emacs-x11-22.3-42.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:08", "description": "According to the version of the emacs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : emacs (EulerOS-SA-2017-1235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:emacs", "p-cpe:/a:huawei:euleros:emacs-common", "p-cpe:/a:huawei:euleros:emacs-filesystem", "p-cpe:/a:huawei:euleros:emacs-nox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1235.NASL", "href": "https://www.tenable.com/plugins/nessus/103737", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103737);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : emacs (EulerOS-SA-2017-1235)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the emacs packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of\n the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1235\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2439b1d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-24.3-20\",\n \"emacs-common-24.3-20\",\n \"emacs-filesystem-24.3-20\",\n \"emacs-nox-24.3-20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:02", "description": "According to the version of the emacs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : emacs (EulerOS-SA-2017-1236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:emacs", "p-cpe:/a:huawei:euleros:emacs-common", "p-cpe:/a:huawei:euleros:emacs-filesystem", "p-cpe:/a:huawei:euleros:emacs-nox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1236.NASL", "href": "https://www.tenable.com/plugins/nessus/103738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103738);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : emacs (EulerOS-SA-2017-1236)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the emacs packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of\n the Emacs user. (CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1236\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?87a5a1e4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-nox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-24.3-20\",\n \"emacs-common-24.3-20\",\n \"emacs-filesystem-24.3-20\",\n \"emacs-nox-24.3-20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:35", "description": "According to the version of the emacs package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.(CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : emacs (EulerOS-SA-2019-1381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:emacs-filesystem", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1381.NASL", "href": "https://www.tenable.com/plugins/nessus/124884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124884);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-14482\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : emacs (EulerOS-SA-2019-1381)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the emacs package installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - A command injection flaw within the Emacs 'enriched\n mode' handling has been discovered. By tricking an\n unsuspecting user into opening a specially crafted file\n using Emacs, a remote attacker could exploit this flaw\n to execute arbitrary commands with the privileges of\n the Emacs user.(CVE-2017-14482)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1381\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b41494b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected emacs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:emacs-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"emacs-filesystem-24.3-21\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:35:27", "description": "Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3 4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include bugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9907", "CVE-2016-5010", "CVE-2016-5841", "CVE-2016-6491", "CVE-2016-8707", "CVE-2016-9556", "CVE-2017-10928", "CVE-2017-10995", "CVE-2017-11141", "CVE-2017-11170", "CVE-2017-11188", "CVE-2017-11352", "CVE-2017-11360", "CVE-2017-11446", "CVE-2017-11447", "CVE-2017-11449", "CVE-2017-11450", "CVE-2017-11523", "CVE-2017-11639", "CVE-2017-11640", "CVE-2017-11644", "CVE-2017-11724", "CVE-2017-12140", "CVE-2017-12418", "CVE-2017-12427", "CVE-2017-12433", "CVE-2017-12587", "CVE-2017-12640", "CVE-2017-14482", "CVE-2017-7941", "CVE-2017-9098", "CVE-2017-9141"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:emacs", "p-cpe:/a:fedoraproject:fedora:ImageMagick", "p-cpe:/a:fedoraproject:fedora:WindowMaker", "p-cpe:/a:fedoraproject:fedora:autotrace", "p-cpe:/a:fedoraproject:fedora:converseen", "p-cpe:/a:fedoraproject:fedora:drawtiming", "p-cpe:/a:fedoraproject:fedora:gtatool", "p-cpe:/a:fedoraproject:fedora:imageinfo", "p-cpe:/a:fedoraproject:fedora:inkscape", "p-cpe:/a:fedoraproject:fedora:k3d", "p-cpe:/a:fedoraproject:fedora:kxstitch", "p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind", "p-cpe:/a:fedoraproject:fedora:pfstools", "p-cpe:/a:fedoraproject:fedora:php-pecl-imagick", "p-cpe:/a:fedoraproject:fedora:psiconv", "p-cpe:/a:fedoraproject:fedora:q", "p-cpe:/a:fedoraproject:fedora:ripright", "p-cpe:/a:fedoraproject:fedora:rss-glx", "p-cpe:/a:fedoraproject:fedora:rubygem-rmagick", "p-cpe:/a:fedoraproject:fedora:synfig", "p-cpe:/a:fedoraproject:fedora:synfigstudio", "p-cpe:/a:fedoraproject:fedora:techne", "p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr", "p-cpe:/a:fedoraproject:fedora:vips", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-3A568ADB31.NASL", "href": "https://www.tenable.com/plugins/nessus/103333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-3a568adb31.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103333);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9907\", \"CVE-2016-5010\", \"CVE-2016-5841\", \"CVE-2016-6491\", \"CVE-2016-8707\", \"CVE-2016-9556\", \"CVE-2017-10928\", \"CVE-2017-10995\", \"CVE-2017-11141\", \"CVE-2017-11170\", \"CVE-2017-11188\", \"CVE-2017-11352\", \"CVE-2017-11360\", \"CVE-2017-11446\", \"CVE-2017-11447\", \"CVE-2017-11449\", \"CVE-2017-11450\", \"CVE-2017-11523\", \"CVE-2017-11639\", \"CVE-2017-11640\", \"CVE-2017-11644\", \"CVE-2017-11724\", \"CVE-2017-12140\", \"CVE-2017-12418\", \"CVE-2017-12427\", \"CVE-2017-12433\", \"CVE-2017-12587\", \"CVE-2017-12640\", \"CVE-2017-14482\", \"CVE-2017-7941\", \"CVE-2017-9098\", \"CVE-2017-9141\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n\n script_name(english:\"Fedora 25 : 1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc (2017-3a568adb31)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Many security fixes, bug fixes, and other changes from the previous\nversion 6.9.3.0. See the [6.9 branch\nChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac3\n4977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog).\n\nDependent packages are mostly straight rebuilds, a couple also include\nbugfix version updates.\n\n----\n\nrhbz#1490649 - emacs-25.3 is available\n\nrhbz#1490410 - unsafe enriched mode translations (security)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a568adb31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ImageMagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:WindowMaker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:autotrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:converseen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:drawtiming\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gtatool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imageinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:inkscape\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:k3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kxstitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Image-SubImageFind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pfstools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pecl-imagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:psiconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:q\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ripright\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rss-glx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rmagick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:synfigstudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:techne\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vdr-scraper2vdr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:vips\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"emacs-25.3-3.fc25\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ImageMagick-6.9.9.13-1.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"WindowMaker-0.95.7-3.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"autotrace-0.31.1-49.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"converseen-0.9.6.2-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"drawtiming-0.7.1-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"gtatool-2.2.0-6.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"imageinfo-0.05-27.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"inkscape-0.92.1-4.20170510bzr15686.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"k3d-0.8.0.6-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"kxstitch-1.2.0-9.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"perl-Image-SubImageFind-0.03-13.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"pfstools-2.0.6-3.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"php-pecl-imagick-3.4.3-2.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"psiconv-0.9.8-22.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"q-7.11-29.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"ripright-0.11-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rss-glx-0.9.1.p-27.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"rubygem-rmagick-2.16.0-4.fc25.2\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfig-1.2.0-1.fc25.1\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"synfigstudio-1.2.0-5.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"techne-0.2.3-20.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"vips-8.4.4-1.fc25.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:emacs / ImageMagick / WindowMaker / autotrace / converseen / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:12:31", "description": "\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 24.4+1-5+deb8u1.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 24.5+1-11+deb9u1.\n\n\nWe recommend that you upgrade your emacs24 packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "osv", "title": "emacs24 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2022-08-10T07:12:29", "id": "OSV:DSA-3970-1", "href": "https://osv.dev/vulnerability/DSA-3970-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:12:33", "description": "\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\n\n\nWe recommend that you upgrade your emacs25 packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-15T00:00:00", "type": "osv", "title": "emacs25 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2022-08-10T07:12:30", "id": "OSV:DSA-3975-1", "href": "https://osv.dev/vulnerability/DSA-3975-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:20:19", "description": "\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n23.4+1-4+deb7u1.\n\n\nWe recommend that you upgrade your emacs23 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-21T00:00:00", "type": "osv", "title": "emacs23 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2022-07-21T05:51:48", "id": "OSV:DLA-1101-1", "href": "https://osv.dev/vulnerability/DLA-1101-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:51:29", "description": "**CentOS Errata and Security Advisory** CESA-2017:2771\n\n\nGNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-September/059460.html\n\n**Affected packages:**\nemacs\nemacs-common\nemacs-el\nemacs-filesystem\nemacs-nox\nemacs-terminal\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:2771", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-20T12:06:23", "type": "centos", "title": "emacs security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-20T12:06:23", "id": "CESA-2017:2771", "href": "https://lists.centos.org/pipermail/centos-announce/2017-September/059460.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:06:53", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for emacs23 (DLA-1101-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891101", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891101", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891101\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_name(\"Debian LTS: Security Advisory for emacs23 (DLA-1101-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00018.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"emacs23 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\");\n\n script_tag(name:\"summary\", value:\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23-bin-common\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23-common\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23-el\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23-lucid\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"emacs23-nox\", ver:\"23.4+1-4+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1235)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171235", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1235\");\n script_version(\"2020-01-23T11:00:20+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1235)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1235\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1235\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'emacs' package(s) announced via the EulerOS-SA-2017-1235 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\");\n\n script_tag(name:\"affected\", value:\"'emacs' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).", "cvss3": {}, "published": "2017-09-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3970-1 (emacs24 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703970", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3970.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3970-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703970\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_name(\"Debian Security Advisory DSA 3970-1 (emacs24 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-12 00:00:00 +0200 (Tue, 12 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3970.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"emacs24 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 24.4+1-5+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 24.5+1-11+deb9u1.\n\nWe recommend that you upgrade your emacs24 packages.\");\n script_tag(name:\"summary\", value:\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-bin-common\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-common\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-dbg\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-el\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-lucid\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-lucid-dbg\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-nox\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-nox-dbg\", ver:\"24.4+1-5+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-bin-common\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-common\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-dbg\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-el\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-lucid\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-lucid-dbg\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-nox\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs24-nox-dbg\", ver:\"24.5+1-11+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for emacs25 USN-3428-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3428_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for emacs25 USN-3428-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843730\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:12:39 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for emacs25 USN-3428-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n script_xref(name:\"USN\", value:\"3428-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3428-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs25'\n package(s) announced via the USN-3428-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file, an\nattacker could possibly use this to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"emacs25 on Ubuntu 17.04.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"emacs25\", ver:\"25.1+1-3ubuntu4.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for emacs24 USN-3427-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3427_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for emacs24 USN-3427-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843794\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:21:14 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for emacs24 USN-3427-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3427-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3427-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs24'\n package(s) announced via the USN-3427-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Charles A. Roelli discovered that Emacs incorrectly handled certain\nfiles. If a user were tricked into opening a specially crafted file, an\nattacker could possibly use this to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"emacs24 on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.3+1-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"emacs24\", ver:\"24.5+1-6ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:12", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1236)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171236", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171236", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1236\");\n script_version(\"2020-01-23T11:00:21+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:00:21 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:00:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2017-1236)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1236\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1236\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'emacs' package(s) announced via the EulerOS-SA-2017-1236 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)\");\n\n script_tag(name:\"affected\", value:\"'emacs' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2019-1381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191381", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1381\");\n script_version(\"2020-01-23T11:41:05+0000\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2019-1381)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1381\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1381\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'emacs' package(s) announced via the EulerOS-SA-2019-1381 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A command injection flaw within the Emacs 'enriched mode' handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.(CVE-2017-14482)\");\n\n script_tag(name:\"affected\", value:\"'emacs' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~21\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-21T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for emacs (openSUSE-SU-2017:2535-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851621", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851621\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-21 07:19:43 +0200 (Thu, 21 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for emacs (openSUSE-SU-2017:2535-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with 'Content-Type:\n text/enriched' (bsc#1058425)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"emacs on openSUSE Leap 42.3, openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2535-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.3)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debugsource\", rpm:\"emacs-debugsource~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox-debuginfo\", rpm:\"emacs-nox-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11\", rpm:\"emacs-x11~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11-debuginfo\", rpm:\"emacs-x11-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags\", rpm:\"etags~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags-debuginfo\", rpm:\"etags-debuginfo~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-el\", rpm:\"emacs-el~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-info\", rpm:\"emacs-info~24.3~24.6.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-debugsource\", rpm:\"emacs-debugsource~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-nox-debuginfo\", rpm:\"emacs-nox-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11\", rpm:\"emacs-x11~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-x11-debuginfo\", rpm:\"emacs-x11-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags\", rpm:\"etags~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"etags-debuginfo\", rpm:\"etags-debuginfo~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-el\", rpm:\"emacs-el~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-info\", rpm:\"emacs-info~24.3~28.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for q FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873423", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873423", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_q_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for q FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873423\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:51 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for q FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'q'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"q on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MA2XGOSVY7YINVS2EF4BMMHAOX5JJH4K\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"q\", rpm:\"q~7.11~29.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vdr-scraper2vdr FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873433", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_vdr-scraper2vdr_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vdr-scraper2vdr FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873433\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:12:16 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vdr-scraper2vdr FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vdr-scraper2vdr'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vdr-scraper2vdr on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI5DF2BUI3SAO7LVL3MWLCPCPIBKYAM7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"vdr-scraper2vdr\", rpm:\"vdr-scraper2vdr~1.0.5~4.20170611git254122b.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ImageMagick FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873430", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_ImageMagick_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ImageMagick FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873430\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:06:16 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ImageMagick FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ImageMagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ImageMagick on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTQN6XNXCIO2KXTCAS5INHKNFH4VFJD3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"ImageMagick\", rpm:\"ImageMagick~6.9.9.13~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for WindowMaker FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873416", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_WindowMaker_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for WindowMaker FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873416\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:52 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for WindowMaker FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'WindowMaker'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"WindowMaker on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5YMZMDIIVRIJGPIALQVVGF4HOBS6DDI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"WindowMaker\", rpm:\"WindowMaker~0.95.7~3.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for autotrace FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873393", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873393", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_autotrace_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for autotrace FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873393\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:13:32 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for autotrace FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'autotrace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"autotrace on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JXR45ED53PEMQOFGTKKLWXBLBFNEPED\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"autotrace\", rpm:\"autotrace~0.31.1~49.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).", "cvss3": {}, "published": "2017-09-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3975-1 (emacs25 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703975", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703975", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3975.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3975-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703975\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-14482\");\n script_name(\"Debian Security Advisory DSA 3975-1 (emacs25 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-15 00:00:00 +0200 (Fri, 15 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3975.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"emacs25 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\n\nWe recommend that you upgrade your emacs25 packages.\");\n script_tag(name:\"summary\", value:\"Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"emacs25\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-bin-common\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-common\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-el\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-lucid\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-lucid-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-nox\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"emacs25-nox-dbg\", ver:\"25.1+1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for imageinfo FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873440", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_imageinfo_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for imageinfo FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873440\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:21:46 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for imageinfo FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'imageinfo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"imageinfo on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWGX3I5PTMLTJJESM4364FFCZIA3HQPQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"imageinfo\", rpm:\"imageinfo~0.05~27.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "RedHat Update for emacs RHSA-2017:2771-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310811785", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811785", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2771-01_emacs.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for emacs RHSA-2017:2771-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811785\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 11:44:37 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for emacs RHSA-2017:2771-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GNU Emacs is a powerful, customizable,\nself-documenting text editor. It provides special code editing features, a scripting\nlanguage (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n * A command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a specially\ncrafted file using Emacs, a remote attacker could exploit this flaw to\nexecute arbitrary commands with the privileges of the Emacs user.\n(CVE-2017-14482)\");\n script_tag(name:\"affected\", value:\"emacs on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2771-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-September/msg00046.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-debuginfo\", rpm:\"emacs-debuginfo~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:55", "description": "Check the version of emacs", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "CentOS Update for emacs CESA-2017:2771 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2771_emacs_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for emacs CESA-2017:2771 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882770\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 15:58:39 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for emacs CESA-2017:2771 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of emacs\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GNU Emacs is a powerful, customizable,\nself-documenting text editor. It provides special code editing features,\na scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n * A command injection flaw within the Emacs 'enriched mode' handling has\nbeen discovered. By tricking an unsuspecting user into opening a specially\ncrafted file using Emacs, a remote attacker could exploit this flaw to\nexecute arbitrary commands with the privileges of the Emacs user.\n(CVE-2017-14482)\");\n script_tag(name:\"affected\", value:\"emacs on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2771\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-September/022541.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-common\", rpm:\"emacs-common~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-el\", rpm:\"emacs-el~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-filesystem\", rpm:\"emacs-filesystem~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-nox\", rpm:\"emacs-nox~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"emacs-terminal\", rpm:\"emacs-terminal~24.3~20.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for converseen FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873387", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_converseen_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for converseen FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873387\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:03:57 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for converseen FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'converseen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"converseen on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5KB2XDN3NDXNOJHEREJEGYXELBV3626\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"converseen\", rpm:\"converseen~0.9.6.2~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rmagick FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873388", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_rubygem-rmagick_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygem-rmagick FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873388\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:03:59 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygem-rmagick FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rmagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygem-rmagick on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQ6AIIW4PNNA3PNQHQC4UOZBYEZU6D3J\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygem-rmagick\", rpm:\"rubygem-rmagick~2.16.0~4.fc25.2\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for ripright FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873415", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873415", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_ripright_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ripright FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873415\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:40:49 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ripright FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ripright'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ripright on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGFDWBEH5ZSA34JU5F65W265DMT6REZE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"ripright\", rpm:\"ripright~0.11~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for emacs FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_emacs_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for emacs FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873402\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:38 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for emacs FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"emacs on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DM23JSQPJGK3E4IINTRSHJCKR3BYYBA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"emacs\", rpm:\"emacs~25.3~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for php-pecl-imagick FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_php-pecl-imagick_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for php-pecl-imagick FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873401\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:22:36 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for php-pecl-imagick FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'php-pecl-imagick'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"php-pecl-imagick on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3Q6KYVTBYQD574UMZ53CNBNCC24AJEL\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pecl-imagick\", rpm:\"php-pecl-imagick~3.4.3~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for psiconv FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873389", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_psiconv_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for psiconv FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873389\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:04:01 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for psiconv FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'psiconv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"psiconv on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WWYYBEL5HZOAX6K7BQCKYUNHQNJKTOQC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"psiconv\", rpm:\"psiconv~0.9.8~22.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for synfigstudio FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873397", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_synfigstudio_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for synfigstudio FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873397\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:32 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for synfigstudio FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'synfigstudio'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"synfigstudio on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OFQ7C3QYOJKOCR3RZRQFO2ECEF7XRXU4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"synfigstudio\", rpm:\"synfigstudio~1.2.0~5.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for vips FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873411", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_vips_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for vips FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873411\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:37:50 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for vips FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vips'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"vips on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWFEVLNHZZZG6WAWQZXKJJ7L7PYR6JXU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"vips\", rpm:\"vips~8.4.4~1.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for drawtiming FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873439", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873439", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_drawtiming_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for drawtiming FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873439\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:21:44 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for drawtiming FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'drawtiming'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"drawtiming on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMBOSBNIEHHS54H62EKAOA7UMMOLCJM2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"drawtiming\", rpm:\"drawtiming~0.7.1~22.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for inkscape FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873428", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_inkscape_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for inkscape FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873428\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:03:23 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for inkscape FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'inkscape'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"inkscape on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TI4JQ5S4NHOJ4CJXAZKILZT27DMS3FFZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"inkscape\", rpm:\"inkscape~0.92.1~4.20170510bzr15686.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for k3d FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_k3d_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for k3d FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873435\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 13:15:21 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for k3d FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'k3d'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"k3d on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSM7KVLSIHUJAS5WJTNZPSNGFTH3XIFX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"k3d\", rpm:\"k3d~0.8.0.6~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for gtatool FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873405", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873405", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_gtatool_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gtatool FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873405\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:36 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gtatool FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gtatool'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gtatool on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4L6LVGI7FQUFPEVUSL2XLH4ZQQMYKNQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"gtatool\", rpm:\"gtatool~2.2.0~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for kxstitch FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_kxstitch_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kxstitch FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873426\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:59:59 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kxstitch FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kxstitch'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kxstitch on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY2DOJ6KKKH5QPMQP3VCGIKQPW5IMTVI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kxstitch\", rpm:\"kxstitch~1.2.0~9.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for techne FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873406", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873406", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_techne_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for techne FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873406\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:25:39 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for techne FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'techne'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"techne on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTQSSWGP72YETFVI5YL3PGTJSULLG5A4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"techne\", rpm:\"techne~0.2.3~20.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_perl-Image-SubImageFind_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873396\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:30 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for perl-Image-SubImageFind FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-Image-SubImageFind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"perl-Image-SubImageFind on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RO6WOIFENV3HIOGSLGQNESXPAIYKVSYI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Image-SubImageFind\", rpm:\"perl-Image-SubImageFind~0.03~13.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for rss-glx FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_rss-glx_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rss-glx FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873421\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:50:52 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rss-glx FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rss-glx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rss-glx on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGF477JVXIN2KZRJ52L33YXJ4U2VZE4J\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rss-glx\", rpm:\"rss-glx~0.9.1.p~27.fc25.1\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Fedora Update for pfstools FEDORA-2017-3a568adb31", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_3a568adb31_pfstools_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for pfstools FEDORA-2017-3a568adb31\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873395\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:16:28 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-14482\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for pfstools FEDORA-2017-3a568adb31\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pfstools'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"pfstools on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-3a568adb31\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2MTN45W725FHFWYU4JD2LC5RLO2EDL4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"pfstools\", rpm:\"pfstools~2.0.6~3.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "canvas": [{"lastseen": "2021-07-28T14:33:39", "edition": 3, "description": "**Name**| emacs_enriched \n---|--- \n**CVE**| CVE-2017-14482 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Emacs Enriched Mime-type Handler Arbitrary ELISP Execution \n**Notes**| CVE Name: CVE-2017-14482 \nVENDOR: https://www.gnu.org/software/emacs/ \nNotes: \nEither email this to someone using the GNUS email client or convince \nthem to open it like a normal file. You will eventually get a MOSDEF \nshell. \n \nWARNING: For the CEU release it will likely lock the editor. \n \nTested Operating Systems: \n* Emacs 24.5.1 - Ubuntu 16.04 LTS \n* \n \n \nRepeatability: Infinite \nReferences: ['https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70', 'https://access.redhat.com/security/cve/CVE-2017-14482'] \nCVE URL: https://access.redhat.com/security/cve/CVE-2017-14482 \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-14T16:29:00", "type": "canvas", "title": "Immunity Canvas: EMACS_ENRICHED", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-14T16:29:00", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/emacs_enriched", "id": "EMACS_ENRICHED", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:48:00", "description": "A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user.\n#### Mitigation\n\nThis issue can be mitigated by adding the following lines to the Emacs init file (for example ~/.emacs, ~/emacs.d/init.el, site-start.el) and avoiding options that would bypass normal initialization, like 'emacs -Q': \n\n\n ;; Mitigate CVE-2017-14482 in Emacs 25.2 and earlier \n(require 'enriched) \n(defun enriched-decode-display-prop (start end &optional param) \n (list start end)) \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-15T07:48:36", "type": "redhatcve", "title": "CVE-2017-14482", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2021-08-27T04:43:42", "id": "RH:CVE-2017-14482", "href": "https://access.redhat.com/security/cve/cve-2017-14482", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T13:34:06", "description": "Package : emacs23\nVersion : 23.4+1-4+deb7u1\nCVE ID : CVE-2017-14482\n\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-21T19:50:29", "type": "debian", "title": "[SECURITY] [DLA 1101-1] emacs23 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T19:50:29", "id": "DEBIAN:DLA-1101-1:035BC", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00018.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:13:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3975-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 15, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : emacs25\nCVE ID : CVE-2017-14482\n\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.\n\nWe recommend that you upgrade your emacs25 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-15T21:21:38", "type": "debian", "title": "[SECURITY] [DSA 3975-1] emacs25 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-15T21:21:38", "id": "DEBIAN:DSA-3975-1:C2508", "href": "https://lists.debian.org/debian-security-announce/2017/msg00237.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-05T04:01:36", "description": "Package : emacs23\nVersion : 23.4+1-4+deb7u1\nCVE ID : CVE-2017-14482\n\nCharles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n23.4+1-4+deb7u1.\n\nWe recommend that you upgrade your emacs23 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-21T19:50:29", "type": "debian", "title": "[SECURITY] [DLA 1101-1] emacs23 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T19:50:29", "id": "DEBIAN:DLA-1101-1:5C0E3", "href": "https://lists.debian.org/debian-lts-announce/2017/09/msg00018.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:48:02", "description": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-14T16:29:00", "type": "debiancve", "title": "CVE-2017-14482", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-14T16:29:00", "id": "DEBIANCVE:CVE-2017-14482", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14482", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:41:43", "description": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-14T16:29:00", "type": "cve", "title": "CVE-2017-14482", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:gnu:emacs:25.2", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2017-14482", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14482", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:emacs:25.2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data (e.g. when using Emacs-based mail clients) (CVE-2017-14482). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-31T00:10:15", "type": "mageia", "title": "Updated emacs packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-12-31T00:10:15", "id": "MGASA-2017-0476", "href": "https://advisories.mageia.org/MGASA-2017-0476.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:45:45", "description": "GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.\n\nSecurity Fix(es):\n\n* A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T17:47:10", "type": "redhat", "title": "(RHSA-2017:2771) Important: emacs security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2018-04-11T23:33:12", "id": "RHSA-2017:2771", "href": "https://access.redhat.com/errata/RHSA-2017:2771", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:11", "description": "[1:24.3-20]\n- fix unsafe enriched mode translations (#1490452)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T00:00:00", "type": "oraclelinux", "title": "emacs security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T00:00:00", "id": "ELSA-2017-2771", "href": "http://linux.oracle.com/errata/ELSA-2017-2771.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:40", "description": "### Background\n\nGNU Emacs is a highly extensible and customizable text editor.\n\n### Description\n\nA command injection flaw within the Emacs \u201cenriched mode\u201d handling has been discovered. \n\n### Impact\n\nA remote attacker, by enticing a user to open a specially crafted file, could execute arbitrary commands with the privileges of process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU Emacs 23.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-23.4-r16:23\"\n \n\nAll GNU Emacs 24.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-24.5-r4:24\"\n \n\nAll GNU Emacs 25.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/emacs-25.2-r1:25\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-07T00:00:00", "type": "gentoo", "title": "GNU Emacs: Command injection", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2018-01-08T00:00:00", "id": "GLSA-201801-07", "href": "https://security.gentoo.org/glsa/201801-07", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-09-20T17:10:01", "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n", "cvss3": {}, "published": "2017-09-20T15:08:02", "type": "suse", "title": "Security update for emacs (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-20T15:08:02", "id": "SUSE-SU-2017:2529-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00074.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-21T17:38:01", "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n", "cvss3": {}, "published": "2017-09-20T18:09:19", "type": "suse", "title": "Security update for emacs (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-20T18:09:19", "id": "SUSE-SU-2017:2532-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00075.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-09-21T17:38:01", "description": "This update for emacs fixes one issues.\n\n This security issue was fixed:\n\n - CVE-2017-14482: Remote code execution via mails with "Content-Type:\n text/enriched" (bsc#1058425)\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-09-21T03:07:15", "type": "suse", "title": "Security update for emacs (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T03:07:15", "id": "OPENSUSE-SU-2017:2535-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00077.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2022-01-04T12:06:30", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain \nfiles. If a user were tricked into opening a specially crafted file (e.g., email \nmessages in gnus), an attacker could possibly use this to execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-21T00:00:00", "type": "ubuntu", "title": "Emacs vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T00:00:00", "id": "USN-3428-1", "href": "https://ubuntu.com/security/notices/USN-3428-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T12:06:33", "description": "Charles A. Roelli discovered that Emacs incorrectly handled certain \nfiles. If a user were tricked into opening a specially crafted file (e.g., email \nmessages in gnus), an attacker could possibly use this to execute arbitrary code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-21T00:00:00", "type": "ubuntu", "title": "Emacs vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-21T00:00:00", "id": "USN-3427-1", "href": "https://ubuntu.com/security/notices/USN-3427-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:26:28", "description": "**Issue Overview:**\n\nCommand injection flaw within \"enriched mode\" handling: \nA command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482) \n\n\n \n**Affected Packages:** \n\n\nemacs\n\n \n**Issue Correction:** \nRun _yum update emacs_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 emacs-common-24.3-20.22.amzn1.i686 \n \u00a0\u00a0\u00a0 emacs-24.3-20.22.amzn1.i686 \n \u00a0\u00a0\u00a0 emacs-debuginfo-24.3-20.22.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 emacs-el-24.3-20.22.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 emacs-24.3-20.22.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 emacs-24.3-20.22.amzn1.x86_64 \n \u00a0\u00a0\u00a0 emacs-common-24.3-20.22.amzn1.x86_64 \n \u00a0\u00a0\u00a0 emacs-debuginfo-24.3-20.22.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-12T20:38:00", "type": "amazon", "title": "Important: emacs", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-10-13T00:11:00", "id": "ALAS-2017-912", "href": "https://alas.aws.amazon.com/ALAS-2017-912.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:10", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: autotrace-0.31.1-49.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:10", "id": "FEDORA:DB9E7601D70C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5JXR45ED53PEMQOFGTKKLWXBLBFNEPED/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Converseen is a batch image conversion tool and resizer written in C++ with Qt5 and Magick++. Converseen allows you to convert images in more than 100 different formats! ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:11", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: converseen-0.9.6.2-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:11", "id": "FEDORA:681616021748", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P5KB2XDN3NDXNOJHEREJEGYXELBV3626/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:12", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: emacs-25.3-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:12", "id": "FEDORA:5E5036045A3D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DM23JSQPJGK3E4IINTRSHJCKR3BYYBA/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A command line tool for generating timing diagrams from ASCII input files. The input files use a structured language to represent signal state transitions and interdependencies. Raster image output support is provided by ImageMagick. It can be used for VHDL or verilog presentations. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:11", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: drawtiming-0.7.1-22.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:11", "id": "FEDORA:DD0C6601CFB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LMBOSBNIEHHS54H62EKAOA7UMMOLCJM2/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Inkscape is a vector graphics editor, with capabilities similar to Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector Graphics (SVG) file format. It is therefore a very useful tool for web designers and as an interchange format for desktop publishing. Inkscape supports many advanced SVG features (markers, clones, alpha blending, etc.) and great care is taken in designing a streamlined interface. It is very easy to edit nodes, perform complex path operations, trace bitmaps and much more. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:15", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: inkscape-0.92.1-4.20170510bzr15686.fc25.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:15", "id": "FEDORA:7BCCA6021748", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TI4JQ5S4NHOJ4CJXAZKILZT27DMS3FFZ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "K-3D is a complete 3D modeling, animation and rendering system. K-3D features a robust, object oriented plugin architecture, designed to scale to the needs of professional artists. It is designed from the ground up to generate motion picture quality animation using RenderMan compliant render engines. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:16", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: k3d-0.8.0.6-8.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:16", "id": "FEDORA:12FD4601BFE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GSM7KVLSIHUJAS5WJTNZPSNGFTH3XIFX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "KXStitch can be used to create cross stitch patterns from scratch. It is al so possible to convert existing images to a cross stitch pattern or scan one w ith a Sane supported scanner. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:16", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kxstitch-1.2.0-9.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:16", "id": "FEDORA:8A785601CFB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY2DOJ6KKKH5QPMQP3VCGIKQPW5IMTVI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:43:39", "description": "Perl module to aide in locating a sub-image within an image. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:17", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: perl-Image-SubImageFind-0.03-13.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:17", "id": "FEDORA:2564C6045A3D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RO6WOIFENV3HIOGSLGQNESXPAIYKVSYI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Gtatool is a command line tool to manipulate GTAs. It provides a set of commands that manipulate GTAs on various levels: array element components, array dimensions, whole arrays, and streams of ar rays. For example, you can add components to array elements, merge separate arrays into combined arrays in different ways, apply global transformations to arr ay data, reorder the array data, and much more. Additionally, gtatool can import from and export to many other file formats , see the sub-packages! ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:13", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: gtatool-2.2.0-6.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:13", "id": "FEDORA:51A3B6021748", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P4L6LVGI7FQUFPEVUSL2XLH4ZQQMYKNQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "ImageInfo computes and displays selected image attributes. It is similar in function to the ImageMagick \"identify\" utility, but provides a few additional attributes (such as details of embedded ICC profiles), and allows command line selection of the attributes to be computed, avoiding unnecessary computation and and allowing easier parsing of results when this utility is called from a script. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:14", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: imageinfo-0.05-27.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:14", "id": "FEDORA:84AF9601CFB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QWGX3I5PTMLTJJESM4364FFCZIA3HQPQ/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "pfstools is a set of command line programs for reading, writing, manipulating and viewing high-dynamic range (HDR) images and video frames. All programs in the package exchange data using unix pipes and a simple generic HDR image format (pfs). The concept of the pfstools is similar to netpbm package for low-dynamic range images. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:17", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: pfstools-2.0.6-3.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:17", "id": "FEDORA:9FBE76048715", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z2MTN45W725FHFWYU4JD2LC5RLO2EDL4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A conversion utility for the Psion files ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:18", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: psiconv-0.9.8-22.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:18", "id": "FEDORA:9B96A6045A2E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WWYYBEL5HZOAX6K7BQCKYUNHQNJKTOQC/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "imagick is a native php extension to create and modify images using the ImageMagick API. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:18", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: php-pecl-imagick-3.4.3-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:18", "id": "FEDORA:24A59601CFB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I3Q6KYVTBYQD574UMZ53CNBNCC24AJEL/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced applications, and also as a sophisticated kind of desktop calculator. The distribution includes the Q programming tools, a standard library, add-on modules for interfacing to Curl, GNU dbm, ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:19", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: q-7.11-29.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:19", "id": "FEDORA:236CA6045A3D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MA2XGOSVY7YINVS2EF4BMMHAOX5JJH4K/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:39:03", "description": "ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed work in the original format or a different one. ImageMagick also includes command line programs for creating animated or transparent .gifs, creating composite images, creating thumbnail images, and more. ImageMagick is one of your choices if you need a program to manipulate and display images. If you want to develop your own applications which use ImageMagick code or APIs, you need to install ImageMagick-devel as well. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:15", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: ImageMagick-6.9.9.13-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:15", "id": "FEDORA:058EA6042D48", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YTQN6XNXCIO2KXTCAS5INHKNFH4VFJD3/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "RipRight is a minimal CD ripper modeled on autorip. It can run as a daemon and will automatically start ripping any CD found in the drive after which the disc will be ejected. Ripping is always to FLAC lossless audio format with tags taken from the community-maintained MusicBrainz lookup service and cov er art from Amazon where possible. If a disc is unknown to MusicBrainz, the CD will be ejected without ripping and can also be optionally rejected if cover art cannot be found. With RipRight, ripping a CD collection is just a matter of feeding your Lin ux PC each CD in turn and waiting while they are ripped. CDs which are immediately ejected can be checked with the MusicBrainz Picard tool which allows CD identifiers to be uploaded to the website database. Any errors or inaccuracies in the database records can also be edited on the MusicBrainz. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:19", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: ripright-0.11-5.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:19", "id": "FEDORA:99894601BFE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VGFDWBEH5ZSA34JU5F65W265DMT6REZE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "RMagick is an interface between Ruby and ImageMagick. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:21", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rubygem-rmagick-2.16.0-4.fc25.2", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:21", "id": "FEDORA:3029F608764A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RQ6AIIW4PNNA3PNQHQC4UOZBYEZU6D3J/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "A port of the Really Slick Screensavers to GLX. Provides several visually impressive and graphically intensive screensavers. Note that this package contains only the display hacks themselves; you will need to install the appropriate subpackage for your desktop environment in order to use them as screensavers. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:20", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rss-glx-0.9.1.p-27.fc25.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:20", "id": "FEDORA:A920B601BFE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JGF477JVXIN2KZRJ52L33YXJ4U2VZE4J/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Synfig is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preventing the need to hand-draw each frame. Synfig features spatial and temporal resolution independence (sharp and smoothat any resolution or framerate), high dynamic range images, and a flexible plugin system. This package contains the command-line-based rendering backend. Install synfigstudio package for GUI-based animation studio. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:21", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: synfig-1.2.0-1.fc25.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:21", "id": "FEDORA:A6C306048D20", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NAJ6JCP4KCFYPKYQRD5LMS3KCIWQOX6Q/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series metadata and themoviedb.org API for movies. Check the websites of both services for the terms of use. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:23", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: vdr-scraper2vdr-1.0.5-4.20170611git254122b.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:23", "id": "FEDORA:182076042D48", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need for tweening, preventing the need to hand-draw each frame. Synfig features spatial and temporal resolution independence (sharp and smoothat any resolution or framerate), high dynamic range images, and a flexible plugin system. This package contains the GUI-based animation studio. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: synfigstudio-1.2.0-5.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:22", "id": "FEDORA:25F726048D32", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OFQ7C3QYOJKOCR3RZRQFO2ECEF7XRXU4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Techne is a general purpose, programmable physical simulator and renderer. It reads in a set of scripts wherein every aspect of a physical system is specified and then proceeds to simulate and render the system onscreen. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: techne-0.2.3-20.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:22", "id": "FEDORA:9AE226048D4F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HTQSSWGP72YETFVI5YL3PGTJSULLG5A4/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color. This package should be installed if you want to use a program compiled against VIPS. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:23", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: vips-8.4.4-1.fc25.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:23", "id": "FEDORA:99654601BFE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JWFEVLNHZZZG6WAWQZXKJJ7L7PYR6JXU/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:40:43", "description": "Window Maker is an X11 window manager designed to give additional integration support to the GNUstep Desktop Environment. In every way possible, it reproduces the elegant look and feel of the NEXTSTEP GUI. It is fast, feature rich, easy to configure, and easy to use. In addition, Window Maker works with GNOME and KDE, making it one of the most useful and universal window managers available. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-19T15:25:24", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: WindowMaker-0.95.7-3.fc25.1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-19T15:25:24", "id": "FEDORA:1CBDB6048D20", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X5YMZMDIIVRIJGPIALQVVGF4HOBS6DDI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language (elisp), and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-30T07:37:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: emacs-25.3-3.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-30T07:37:44", "id": "FEDORA:A799B624C7EA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZBD3J4IN5OH46TC35SJ3VXGX4A6DWM2F/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:57:19", "description": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via\nemail with crafted \"Content-Type: text/enriched\" data containing an\nx-display XML element that specifies execution of shell commands, related\nto an unsafe text/enriched extension in lisp/textmodes/enriched.el, and\nunsafe Gnus support for enriched and richtext inline MIME objects in\nlisp/gnus/mm-view.el. In particular, an Emacs user can be instantly\ncompromised by reading a crafted email message (or Usenet news article).\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875448>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875447>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875449>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-14T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14482", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2017-09-14T00:00:00", "id": "UB:CVE-2017-14482", "href": "https://ubuntu.com/security/CVE-2017-14482", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T21:58:29", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in emacs. IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-14482_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14482>)** \nDESCRIPTION:** GNU Emacs could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user request. By sending a specially-crafted HTTP Content-Type request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/132067_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132067>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 11.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 October 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-06-18T01:38:34", "type": "ibm", "title": "Security Bulletin: A vulnerability in emacs affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14482"], "modified": "2018-06-18T01:38:34", "id": "A4C654494872F1C77A9448C5649718FA21C36FD40C6CD59858CF99AB50D14F6D", "href": "https://www.ibm.com/support/pages/node/632377", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
Fedora Update for synfig FEDORA-2017-3a568adb31
