ID OPENVAS:862850 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check for the Version of webkitgtk
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for webkitgtk FEDORA-2011-1224
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_affected = "webkitgtk on Fedora 13";
tag_insight = "WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html");
script_id(862850);
script_version("$Revision: 6626 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "FEDORA", value: "2011-1224");
script_cve_id("CVE-2010-1407", "CVE-2010-1405", "CVE-2010-1664", "CVE-2010-4040", "CVE-2011-0778", "CVE-2010-4042", "CVE-2010-1421", "CVE-2010-1788", "CVE-2010-1760", "CVE-2010-1422", "CVE-2010-1665", "CVE-2010-2264", "CVE-2010-4493", "CVE-2010-4492", "CVE-2010-2648", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-4198", "CVE-2010-4199", "CVE-2010-1780", "CVE-2010-1771", "CVE-2010-1782", "CVE-2010-1807", "CVE-2010-4197", "CVE-2010-2901", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-3255", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-1761", "CVE-2010-3259", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2011-0482", "CVE-2010-1773", "CVE-2010-3257", "CVE-2010-1770", "CVE-2010-1786", "CVE-2010-1759", "CVE-2010-1767", "CVE-2010-3113", "CVE-2010-1787", "CVE-2010-3116", "CVE-2010-3115", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-1758", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-1812", "CVE-2010-1793", "CVE-2010-1792", "CVE-2010-1791", "CVE-2010-1790", "CVE-2010-4206", "CVE-2010-4204", "CVE-2010-1774", "CVE-2010-1772", "CVE-2010-1392", "CVE-2010-4578");
script_name("Fedora Update for webkitgtk FEDORA-2011-1224");
script_summary("Check for the Version of webkitgtk");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC13")
{
if ((res = isrpmvuln(pkg:"webkitgtk", rpm:"webkitgtk~1.2.7~1.fc13", rls:"FC13")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:862850", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for webkitgtk FEDORA-2011-1224", "description": "Check for the Version of webkitgtk", "published": "2011-02-18T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862850", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["2011-1224", "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html"], "cvelist": ["CVE-2010-4197", "CVE-2011-0778", "CVE-2010-4204", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-3812", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-4578", "CVE-2010-4042", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2011-0482", "CVE-2010-3119", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2010-4040", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-3813", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "lastseen": "2017-07-25T10:55:56", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-25T10:55:56", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:862461", "OPENVAS:1361412562310862465", "OPENVAS:862409", "OPENVAS:1361412562310862461", "OPENVAS:862779", "OPENVAS:1361412562310862779", "OPENVAS:1361412562310862409", "OPENVAS:862465", "OPENVAS:1361412562310862410", "OPENVAS:1361412562310862850"]}, {"type": "fedora", "idList": ["FEDORA:278B9111139", "FEDORA:40EED1109D9", "FEDORA:AEC99110E7A", "FEDORA:B9475110A91", "FEDORA:2EC081110A7", "FEDORA:643E6110B91"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2011-0177.NASL", "SUSE_11_3_LIBWEBKIT-100723.NASL", "FREEBSD_PKG_19419B3B92BD11DFB1400015F2DB7BDE.NASL", "SL_20110125_WEBKITGTK_ON_SL6_X.NASL", "FEDORA_2010-15982.NASL", "FEDORA_2010-14419.NASL", "FREEBSD_PKG_E5090D2ADBBE11DF82F80015F2DB7BDE.NASL", "FEDORA_2011-1224.NASL", "REDHAT-RHSA-2011-0177.NASL", "FEDORA_2010-14409.NASL"]}, {"type": "redhat", "idList": ["RHSA-2011:0177"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0177"]}, {"type": "freebsd", "idList": ["35ECDCBE-3501-11E0-AFCD-0015F2DB7BDE", "E5090D2A-DBBE-11DF-82F8-0015F2DB7BDE", "19419B3B-92BD-11DF-B140-0015F2DB7BDE", "9BCFD7B6-BCDA-11DF-9A6A-0015F2DB7BDE", "06A12E26-142E-11E0-BEA2-0015F2DB7BDE"]}, {"type": "ubuntu", "idList": ["USN-1195-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11040", "SECURITYVULNS:DOC:24396"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2188-1:BD07B"]}, {"type": "gentoo", "idList": ["GLSA-201412-09"]}, {"type": "cve", "idList": ["CVE-2010-4040", "CVE-2010-4199", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-4206", "CVE-2011-1224", "CVE-2010-4204", "CVE-2010-4042", "CVE-2010-4198", "CVE-2010-4197", "CVE-2010-4492"]}], "modified": "2017-07-25T10:55:56", "rev": 2}, "vulnersScore": 7.5}, "pluginID": "862850", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2011-1224\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html\");\n script_id(862850);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-1224\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-4040\", \"CVE-2011-0778\", \"CVE-2010-4042\", \"CVE-2010-1421\", \"CVE-2010-1788\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-4493\", \"CVE-2010-4492\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-4198\", \"CVE-2010-4199\", \"CVE-2010-1780\", \"CVE-2010-1771\", \"CVE-2010-1782\", \"CVE-2010-1807\", \"CVE-2010-4197\", \"CVE-2010-2901\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-3255\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2011-0482\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1770\", \"CVE-2010-1786\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-1787\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-3119\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1791\", \"CVE-2010-1790\", \"CVE-2010-4206\", \"CVE-2010-4204\", \"CVE-2010-1774\", \"CVE-2010-1772\", \"CVE-2010-1392\", \"CVE-2010-4578\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2011-1224\");\n\n script_summary(\"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.7~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1791", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-2264", "CVE-2010-2648", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4577"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2011-01-07T20:01:55", "published": "2011-01-07T20:01:55", "id": "FEDORA:643E6110B91", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: webkitgtk-1.2.6-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1791", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-2264", "CVE-2010-2648", "CVE-2010-2901", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4040", "CVE-2010-4042", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4199", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4492", "CVE-2010-4493", "CVE-2010-4578", "CVE-2011-0482", "CVE-2011-0778"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2011-02-18T01:51:56", "published": "2011-02-18T01:51:56", "id": "FEDORA:40EED1109D9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: webkitgtk-1.2.7-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-2264", "CVE-2010-2648", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3257", "CVE-2010-3259"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2010-10-19T07:09:06", "published": "2010-10-19T07:09:06", "id": "FEDORA:2EC081110A7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: webkitgtk-1.2.5-1.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-2264", "CVE-2010-2648", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3257", "CVE-2010-3259"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2010-10-19T07:21:56", "published": "2010-10-19T07:21:56", "id": "FEDORA:278B9111139", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: webkitgtk-1.2.5-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-2264", "CVE-2010-2648"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2010-09-21T01:43:18", "published": "2010-09-21T01:43:18", "id": "FEDORA:AEC99110E7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1386", "CVE-2010-1392", "CVE-2010-1405", "CVE-2010-1407", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1418", "CVE-2010-1421", "CVE-2010-1422", "CVE-2010-1501", "CVE-2010-1664", "CVE-2010-1665", "CVE-2010-1758", "CVE-2010-1759", "CVE-2010-1760", "CVE-2010-1761", "CVE-2010-1762", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1771", "CVE-2010-1772", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-2264", "CVE-2010-2648"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "modified": "2010-09-15T05:40:48", "published": "2010-09-15T05:40:48", "id": "FEDORA:B9475110A91", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: webkitgtk-1.2.4-1.fc13", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-3812", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-3813", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2017-07-10T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:862779", "href": "http://plugins.openvas.org/nasl.php?oid=862779", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2011-0121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2011-0121\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html\");\n script_id(862779);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-0121\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1788\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2264\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-4198\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1807\", \"CVE-2010-4197\", \"CVE-2010-1774\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1770\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-3255\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1786\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-3119\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1791\", \"CVE-2010-1790\", \"CVE-2010-4206\", \"CVE-2010-4204\", \"CVE-2010-1772\", \"CVE-2010-1392\", \"CVE-2010-4577\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2011-0121\");\n\n script_summary(\"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.6~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-3812", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-3813", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "The remote host is missing an update for the ", "modified": "2019-03-19T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:1361412562310862779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862779", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2011-0121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2011-0121\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862779\");\n script_version(\"$Revision: 14316 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 12:36:02 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-0121\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1788\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2264\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-4198\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1807\", \"CVE-2010-4197\", \"CVE-2010-1774\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1770\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-3255\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1786\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-3119\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1791\", \"CVE-2010-1790\", \"CVE-2010-4206\", \"CVE-2010-4204\", \"CVE-2010-1772\", \"CVE-2010-1392\", \"CVE-2010-4577\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2011-0121\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.6~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2011-0778", "CVE-2010-4204", "CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-3812", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-4578", "CVE-2010-4042", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2011-0482", "CVE-2010-3119", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2010-4040", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-3813", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-02-18T00:00:00", "id": "OPENVAS:1361412562310862850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862850", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2011-1224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2011-1224\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862850\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-18 15:15:05 +0100 (Fri, 18 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1224\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-4040\", \"CVE-2011-0778\", \"CVE-2010-4042\", \"CVE-2010-1421\", \"CVE-2010-1788\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-4493\", \"CVE-2010-4492\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-4198\", \"CVE-2010-4199\", \"CVE-2010-1780\", \"CVE-2010-1771\", \"CVE-2010-1782\", \"CVE-2010-1807\", \"CVE-2010-4197\", \"CVE-2010-2901\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-3255\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2011-0482\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1770\", \"CVE-2010-1786\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-1787\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-3119\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1791\", \"CVE-2010-1790\", \"CVE-2010-4206\", \"CVE-2010-4204\", \"CVE-2010-1774\", \"CVE-2010-1772\", \"CVE-2010-1392\", \"CVE-2010-4578\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2011-1224\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.7~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-20T13:17:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-1812", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2017-12-19T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:862461", "href": "http://plugins.openvas.org/nasl.php?oid=862461", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-15982", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-15982\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html\");\n script_id(862461);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15982\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1807\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-2264\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1772\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-15982\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.5~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-1812", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2017-12-25T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:862465", "href": "http://plugins.openvas.org/nasl.php?oid=862465", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-15957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-15957\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049604.html\");\n script_id(862465);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15957\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1807\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-2264\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1772\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-15957\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.5~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-1812", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2018-01-16T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:1361412562310862461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862461", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-15982", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-15982\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862461\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15982\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1807\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-2264\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1772\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-15982\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.5~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-1812", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2018-01-24T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:1361412562310862465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862465", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-15957", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-15957\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049604.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862465\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-15957\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1807\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1665\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-2264\", \"CVE-2010-1761\", \"CVE-2010-3259\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-3257\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1767\", \"CVE-2010-3113\", \"CVE-2010-3116\", \"CVE-2010-3115\", \"CVE-2010-3114\", \"CVE-2010-1758\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-1812\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1772\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-15957\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.5~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:05:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1783", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1665", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2018-01-25T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:1361412562310862409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862409", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-14409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14409\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 13\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047699.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862409\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14409\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14409\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1783", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1665", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2018-01-24T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:1361412562310862410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862410", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-14419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14419\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047984.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862410\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14419\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14419\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1783", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1665", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "description": "Check for the Version of webkitgtk", "modified": "2017-12-25T00:00:00", "published": "2010-09-22T00:00:00", "id": "OPENVAS:862410", "href": "http://plugins.openvas.org/nasl.php?oid=862410", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2010-14419", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2010-14419\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"webkitgtk on Fedora 12\";\ntag_insight = \"WebKitGTK+ is the port of the portable web rendering engine WebKit to the\n GTK+ platform.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047984.html\");\n script_id(862410);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-22 08:32:53 +0200 (Wed, 22 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-14419\");\n script_cve_id(\"CVE-2010-1407\", \"CVE-2010-1405\", \"CVE-2010-1664\", \"CVE-2010-1421\", \"CVE-2010-1760\", \"CVE-2010-1422\", \"CVE-2010-1767\", \"CVE-2010-1771\", \"CVE-2010-2648\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1788\", \"CVE-2010-1762\", \"CVE-2010-1386\", \"CVE-2010-1761\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1770\", \"CVE-2010-1773\", \"CVE-2010-1772\", \"CVE-2010-1774\", \"CVE-2010-1759\", \"CVE-2010-1758\", \"CVE-2010-1665\", \"CVE-2010-2264\", \"CVE-2010-1793\", \"CVE-2010-1792\", \"CVE-2010-1790\", \"CVE-2010-1392\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2010-14419\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of webkitgtk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~1.2.4~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:59", "description": "Update to 1.2.4 which fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784\nCVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790\nCVE-2010-1792 CVE-2010-1793 CVE-2010-2648\n\nUpdate to 1.2.3 which fixes: CVE-2010-1386 CVE-2010-1392 CVE-2010-1405\nCVE-2010-1407 CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418\nCVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767 CVE-2010-1664\nCVE-2010-1758 CVE-2010-1759 CVE-2010-1760 CVE-2010-1761 CVE-2010-1762\nCVE-2010-1770 CVE-2010-1771 CVE-2010-1772 CVE-2010-1773 CVE-2010-1774\nCVE-2010-2264\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-09-21T00:00:00", "title": "Fedora 12 : webkitgtk-1.2.4-1.fc12 (2010-14419)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1783", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-1501", "CVE-2010-2648", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1665", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "modified": "2010-09-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2010-14419.NASL", "href": "https://www.tenable.com/plugins/nessus/49295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-14419.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49295);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\");\n script_bugtraq_id(41573, 41575, 42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049);\n script_xref(name:\"FEDORA\", value:\"2010-14419\");\n\n script_name(english:\"Fedora 12 : webkitgtk-1.2.4-1.fc12 (2010-14419)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.2.4 which fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784\nCVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790\nCVE-2010-1792 CVE-2010-1793 CVE-2010-2648\n\nUpdate to 1.2.3 which fixes: CVE-2010-1386 CVE-2010-1392 CVE-2010-1405\nCVE-2010-1407 CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418\nCVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767 CVE-2010-1664\nCVE-2010-1758 CVE-2010-1759 CVE-2010-1760 CVE-2010-1761 CVE-2010-1762\nCVE-2010-1770 CVE-2010-1771 CVE-2010-1772 CVE-2010-1773 CVE-2010-1774\nCVE-2010-2264\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=606303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=606304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=631583\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047984.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?573b4c4f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"webkitgtk-1.2.4-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:07:59", "description": "Update to 1.2.4 which fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784\nCVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790\nCVE-2010-1792 CVE-2010-1793 CVE-2010-2648 Update to 1.2.3 which fixes:\nCVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407 CVE-2010-1416\nCVE-2010-1417 CVE-2010-1665 CVE-2010-1418 CVE-2010-1421 CVE-2010-1422\nCVE-2010-1501 CVE-2010-1767 CVE-2010-1664 CVE-2010-1758 CVE-2010-1759\nCVE-2010-1760 CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771\nCVE-2010-1772 CVE-2010-1773 CVE-2010-1774 CVE-2010-2264\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-09-16T00:00:00", "title": "Fedora 13 : webkitgtk-1.2.4-1.fc13 (2010-14409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1783", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-1501", "CVE-2010-2648", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1665", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1784", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421", "CVE-2010-1793"], "modified": "2010-09-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2010-14409.NASL", "href": "https://www.tenable.com/plugins/nessus/49246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-14409.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49246);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\");\n script_bugtraq_id(41573, 41575, 42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049);\n script_xref(name:\"FEDORA\", value:\"2010-14409\");\n\n script_name(english:\"Fedora 13 : webkitgtk-1.2.4-1.fc13 (2010-14409)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.2.4 which fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784\nCVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790\nCVE-2010-1792 CVE-2010-1793 CVE-2010-2648 Update to 1.2.3 which fixes:\nCVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407 CVE-2010-1416\nCVE-2010-1417 CVE-2010-1665 CVE-2010-1418 CVE-2010-1421 CVE-2010-1422\nCVE-2010-1501 CVE-2010-1767 CVE-2010-1664 CVE-2010-1758 CVE-2010-1759\nCVE-2010-1760 CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771\nCVE-2010-1772 CVE-2010-1773 CVE-2010-1774 CVE-2010-2264\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=606303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=606304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=631583\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b197765a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"webkitgtk-1.2.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:40:09", "description": "Gustavo Noronha reports :\n\nDebian's Michael Gilbert has done a great job going through all CVEs\nreleased about WebKit, and including patches in the Debian package.\n1.2.3 includes all of the commits from trunk to fix those, too.", "edition": 27, "published": "2010-07-19T00:00:00", "title": "FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1773", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1761", "CVE-2010-1665", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421"], "modified": "2010-07-19T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit-gtk2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_19419B3B92BD11DFB1400015F2DB7BDE.NASL", "href": "https://www.tenable.com/plugins/nessus/47751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47751);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\", \"CVE-2010-2264\");\n\n script_name(english:\"FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Noronha reports :\n\nDebian's Michael Gilbert has done a great job going through all CVEs\nreleased about WebKit, and including patches in the Debian package.\n1.2.3 includes all of the commits from trunk to fix those, too.\"\n );\n # http://blog.kov.eti.br/?p=116\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.kov.eti.br/2010/07/webkitgtk-122-and-123-released/\"\n );\n # https://vuxml.freebsd.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a10ad78b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2<1.2.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:38", "description": "From Red Hat Security Advisory 2011:0177 :\n\nUpdated webkitgtk packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWebKitGTK+ is the port of the portable web rendering engine WebKit to\nthe GTK+ platform.\n\nMultiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nUsers of WebKitGTK+ should upgrade to these updated packages, which\ncontain WebKitGTK+ version 1.2.6, and resolve these issues. All\nrunning applications that use WebKitGTK+ must be restarted for this\nupdate to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : webkitgtk (ELSA-2011-0177)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-3257", "CVE-2010-1783", "CVE-2010-3812", "CVE-2010-1787", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-3813", "CVE-2010-1793"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:webkitgtk-doc", "p-cpe:/a:oracle:linux:webkitgtk-devel", "p-cpe:/a:oracle:linux:webkitgtk"], "id": "ORACLELINUX_ELSA-2011-0177.NASL", "href": "https://www.tenable.com/plugins/nessus/68187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0177 and \n# Oracle Linux Security Advisory ELSA-2011-0177 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68187);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3119\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-4197\", \"CVE-2010-4198\", \"CVE-2010-4204\", \"CVE-2010-4206\", \"CVE-2010-4577\");\n script_bugtraq_id(42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049, 43047, 43079, 43081, 43083, 44199, 44200, 44201, 44203, 44204, 44206, 44954, 44960, 45718, 45719, 45720, 45721, 45722);\n script_xref(name:\"RHSA\", value:\"2011:0177\");\n\n script_name(english:\"Oracle Linux 6 : webkitgtk (ELSA-2011-0177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0177 :\n\nUpdated webkitgtk packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWebKitGTK+ is the port of the portable web rendering engine WebKit to\nthe GTK+ platform.\n\nMultiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nUsers of WebKitGTK+ should upgrade to these updated packages, which\ncontain WebKitGTK+ version 1.2.6, and resolve these issues. All\nrunning applications that use WebKitGTK+ must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-February/001875.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkitgtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:webkitgtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"webkitgtk-1.2.6-2.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"webkitgtk-devel-1.2.6-2.el6_0\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"webkitgtk-doc-1.2.6-2.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk / webkitgtk-devel / webkitgtk-doc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:47", "description": "Updated webkitgtk packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWebKitGTK+ is the port of the portable web rendering engine WebKit to\nthe GTK+ platform.\n\nMultiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nUsers of WebKitGTK+ should upgrade to these updated packages, which\ncontain WebKitGTK+ version 1.2.6, and resolve these issues. All\nrunning applications that use WebKitGTK+ must be restarted for this\nupdate to take effect.", "edition": 28, "published": "2011-01-26T00:00:00", "title": "RHEL 6 : webkitgtk (RHSA-2011:0177)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-3257", "CVE-2010-1783", "CVE-2010-3812", "CVE-2010-1787", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-3813", "CVE-2010-1793"], "modified": "2011-01-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:webkitgtk", "p-cpe:/a:redhat:enterprise_linux:webkitgtk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:webkitgtk-doc", "p-cpe:/a:redhat:enterprise_linux:webkitgtk-devel", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2011-0177.NASL", "href": "https://www.tenable.com/plugins/nessus/51672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0177. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51672);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3119\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-4197\", \"CVE-2010-4198\", \"CVE-2010-4204\", \"CVE-2010-4206\", \"CVE-2010-4577\");\n script_bugtraq_id(42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049, 43047, 43079, 43081, 43083, 44199, 44200, 44201, 44203, 44204, 44206, 44954, 44960, 45718, 45719, 45720, 45721, 45722);\n script_xref(name:\"RHSA\", value:\"2011:0177\");\n\n script_name(english:\"RHEL 6 : webkitgtk (RHSA-2011:0177)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated webkitgtk packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nWebKitGTK+ is the port of the portable web rendering engine WebKit to\nthe GTK+ platform.\n\nMultiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nUsers of WebKitGTK+ should upgrade to these updated packages, which\ncontain WebKitGTK+ version 1.2.6, and resolve these issues. All\nrunning applications that use WebKitGTK+ must be restarted for this\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0177\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkitgtk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkitgtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:webkitgtk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0177\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"webkitgtk-1.2.6-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"webkitgtk-debuginfo-1.2.6-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"webkitgtk-devel-1.2.6-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"webkitgtk-doc-1.2.6-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"webkitgtk-doc-1.2.6-2.el6_0\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"webkitgtk-doc-1.2.6-2.el6_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk / webkitgtk-debuginfo / webkitgtk-devel / webkitgtk-doc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:23", "description": "Multiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nAll running applications that use WebKitGTK+ must be restarted for\nthis update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : webkitgtk on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-3257", "CVE-2010-1783", "CVE-2010-3812", "CVE-2010-1787", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-3813", "CVE-2010-1793"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110125_WEBKITGTK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60943", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60943);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1780\", \"CVE-2010-1782\", \"CVE-2010-1783\", \"CVE-2010-1784\", \"CVE-2010-1785\", \"CVE-2010-1786\", \"CVE-2010-1787\", \"CVE-2010-1788\", \"CVE-2010-1790\", \"CVE-2010-1792\", \"CVE-2010-1793\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3119\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\", \"CVE-2010-3812\", \"CVE-2010-3813\", \"CVE-2010-4197\", \"CVE-2010-4198\", \"CVE-2010-4204\", \"CVE-2010-4206\", \"CVE-2010-4577\");\n\n script_name(english:\"Scientific Linux Security Update : webkitgtk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,\nCVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,\nCVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,\nCVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,\nCVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,\nCVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were\nfound in WebKit. Malicious web content could cause an application\nusing WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user\ninto thinking they are visiting the site reported by the location bar,\nwhen the page is actually content controlled by an attacker.\n(CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to\nimages created from the 'canvas' element. Malicious web content could\nallow a remote attacker to bypass the same-origin policy and\npotentially access sensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when\nit was disabled, web content containing certain 'link' elements could\ncause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nAll running applications that use WebKitGTK+ must be restarted for\nthis update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1103&L=scientific-linux-errata&T=0&P=4916\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f5beb0a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected webkitgtk, webkitgtk-devel and / or webkitgtk-doc\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"webkitgtk-1.2.6-2.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"webkitgtk-devel-1.2.6-2.el6_0\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"webkitgtk-doc-1.2.6-2.el6_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:44", "description": "The libwebkit browser engine version 1.2.3 fixes several security\nrelevant bugs\n\n(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767,\nCVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771,\nCVE-2010-1772, CVE-2010-1773, CVE-2010-1774)", "edition": 25, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1773", "CVE-2010-1501", "CVE-2010-1774", "CVE-2010-1418", "CVE-2010-1761", "CVE-2010-1665", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libwebkit-lang", "p-cpe:/a:novell:opensuse:libwebkit-devel", "p-cpe:/a:novell:opensuse:libwebkit-1_0-2", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:webkit-jsc", "p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit"], "id": "SUSE_11_3_LIBWEBKIT-100723.NASL", "href": "https://www.tenable.com/plugins/nessus/75627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libwebkit-2806.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75627);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1386\", \"CVE-2010-1392\", \"CVE-2010-1405\", \"CVE-2010-1407\", \"CVE-2010-1416\", \"CVE-2010-1417\", \"CVE-2010-1418\", \"CVE-2010-1421\", \"CVE-2010-1422\", \"CVE-2010-1664\", \"CVE-2010-1665\", \"CVE-2010-1758\", \"CVE-2010-1759\", \"CVE-2010-1760\", \"CVE-2010-1761\", \"CVE-2010-1762\", \"CVE-2010-1767\", \"CVE-2010-1770\", \"CVE-2010-1771\", \"CVE-2010-1772\", \"CVE-2010-1773\", \"CVE-2010-1774\");\n\n script_name(english:\"openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)\");\n script_summary(english:\"Check for the libwebkit-2806 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libwebkit browser engine version 1.2.3 fixes several security\nrelevant bugs\n\n(CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407,\nCVE-2010-1416, CVE-2010-1417, CVE-2010-1665, CVE-2010-1418,\nCVE-2010-1421, CVE-2010-1422, CVE-2010-1501, CVE-2010-1767,\nCVE-2010-1664, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760,\nCVE-2010-1761, CVE-2010-1762, CVE-2010-1770, CVE-2010-1771,\nCVE-2010-1772, CVE-2010-1773, CVE-2010-1774)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=622994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-08/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libwebkit packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-1_0-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-1_0-2-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-devel-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libwebkit-lang-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"webkit-jsc-1.2.3-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libwebkit-1_0-2-32bit-1.2.3-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwebkit-1_0-2 / libwebkit-1_0-2-32bit / libwebkit-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:51:04", "description": "Gustavo Noronha Silva reports :\n\nThe patches to fix the following CVEs are included with help from\nVincent Danen and other members of the Red Hat security team:", "edition": 24, "published": "2010-10-21T00:00:00", "title": "FreeBSD : Webkit-gtk2 -- Multiple Vulnabilities (e5090d2a-dbbe-11df-82f8-0015f2db7bde)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3257", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-3114", "CVE-2010-3255", "CVE-2010-1815", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-3259", "CVE-2010-1812"], "modified": "2010-10-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:webkit-gtk2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E5090D2ADBBE11DF82F80015F2DB7BDE.NASL", "href": "https://www.tenable.com/plugins/nessus/50075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50075);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1780\", \"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3255\", \"CVE-2010-3257\", \"CVE-2010-3259\");\n\n script_name(english:\"FreeBSD : Webkit-gtk2 -- Multiple Vulnabilities (e5090d2a-dbbe-11df-82f8-0015f2db7bde)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gustavo Noronha Silva reports :\n\nThe patches to fix the following CVEs are included with help from\nVincent Danen and other members of the Red Hat security team:\"\n );\n # http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33285e52\"\n );\n # https://vuxml.freebsd.org/freebsd/e5090d2a-dbbe-11df-82f8-0015f2db7bde.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8dc4ebe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:webkit-gtk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"webkit-gtk2<1.2.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:10", "description": " - Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493\n CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040\n CVE-2011-0778 CVE-2010-2901 CVE-2010-4042\n\n - Fixes a regression caused by earlier fix for\n CVE-2010-1791. This caused webkitgtk to crash on certain\n sites with JavaScript.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-02-18T00:00:00", "title": "Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0778", "CVE-2010-4578", "CVE-2010-4042", "CVE-2011-0482", "CVE-2010-4493", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-1791", "CVE-2010-4492", "CVE-2010-4040"], "modified": "2011-02-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2011-1224.NASL", "href": "https://www.tenable.com/plugins/nessus/52018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-1224.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52018);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2901\", \"CVE-2010-4040\", \"CVE-2010-4042\", \"CVE-2010-4199\", \"CVE-2010-4492\", \"CVE-2010-4493\", \"CVE-2010-4578\", \"CVE-2011-0482\", \"CVE-2011-0778\");\n script_bugtraq_id(41976, 44241, 44646, 45170, 45390, 45788, 46144);\n script_xref(name:\"FEDORA\", value:\"2011-1224\");\n\n script_name(english:\"Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes the following CVEs: CVE-2010-4492 CVE-2010-4493\n CVE-2011-0482 CVE-2010-4199 CVE-2010-4578 CVE-2010-4040\n CVE-2011-0778 CVE-2010-2901 CVE-2010-4042\n\n - Fixes a regression caused by earlier fix for\n CVE-2010-1791. This caused webkitgtk to crash on certain\n sites with JavaScript.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=656122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=657101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=676212\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5738a9dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"webkitgtk-1.2.7-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:10", "description": " - New stable release, API and ABI compatible with previous\n 1.2.x versions.\n\n - The patches to fix the following CVEs are included with\n help from Vincent Danen and other members of the Red Hat\n security team :\n\nCVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115\nCVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-10-20T00:00:00", "title": "Fedora 13 : webkitgtk-1.2.5-1.fc13 (2010-15957)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3257", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-1815", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-3259", "CVE-2010-1812"], "modified": "2010-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:webkitgtk"], "id": "FEDORA_2010-15957.NASL", "href": "https://www.tenable.com/plugins/nessus/50030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-15957.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50030);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1807\", \"CVE-2010-1812\", \"CVE-2010-1814\", \"CVE-2010-1815\", \"CVE-2010-3113\", \"CVE-2010-3114\", \"CVE-2010-3115\", \"CVE-2010-3116\", \"CVE-2010-3257\", \"CVE-2010-3259\");\n script_xref(name:\"FEDORA\", value:\"2010-15957\");\n\n script_name(english:\"Fedora 13 : webkitgtk-1.2.5-1.fc13 (2010-15957)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New stable release, API and ABI compatible with previous\n 1.2.x versions.\n\n - The patches to fix the following CVEs are included with\n help from Vincent Danen and other members of the Red Hat\n security team :\n\nCVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115\nCVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=627703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=628032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=628035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=628071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=631939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=631946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=631948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=640360\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049604.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?503bcc1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"webkitgtk-1.2.5-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-3257", "CVE-2010-1783", "CVE-2010-3812", "CVE-2010-1787", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-3114", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1815", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-3813", "CVE-2010-1793"], "description": "[1.2.6-2]\n- Added fix for js regression\n[1.2.6-1]\n- Update to 1.2.6", "edition": 4, "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2011-0177", "href": "http://linux.oracle.com/errata/ELSA-2011-0177.html", "title": "webkitgtk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4577"], "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the\nGTK+ platform.\n\nMultiple memory corruption flaws were found in WebKit. Malicious web\ncontent could cause an application using WebKitGTK+ to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,\nCVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792,\nCVE-2010-1807, CVE-2010-1814, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119,\nCVE-2010-3255, CVE-2010-3812, CVE-2010-4198)\n\nMultiple use-after-free flaws were found in WebKit. Malicious web content\ncould cause an application using WebKitGTK+ to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, CVE-2010-1812,\nCVE-2010-1815, CVE-2010-3113, CVE-2010-3257, CVE-2010-4197, CVE-2010-4204)\n\nTwo array index errors, leading to out-of-bounds memory reads, were found\nin WebKit. Malicious web content could cause an application using\nWebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)\n\nA flaw in WebKit could allow malicious web content to trick a user into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2010-3115)\n\nIt was found that WebKit did not correctly restrict read access to images\ncreated from the \"canvas\" element. Malicious web content could allow a\nremote attacker to bypass the same-origin policy and potentially access\nsensitive image data. (CVE-2010-3259)\n\nA flaw was found in the way WebKit handled DNS prefetching. Even when it\nwas disabled, web content containing certain \"link\" elements could cause\nWebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)\n\nUsers of WebKitGTK+ should upgrade to these updated packages, which contain\nWebKitGTK+ version 1.2.6, and resolve these issues. All running\napplications that use WebKitGTK+ must be restarted for this update to take\neffect.\n", "modified": "2018-06-06T20:24:35", "published": "2011-01-25T05:00:00", "id": "RHSA-2011:0177", "href": "https://access.redhat.com/errata/RHSA-2011:0177", "type": "redhat", "title": "(RHSA-2011:0177) Moderate: webkitgtk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1416", "CVE-2010-1417", "CVE-2010-1760", "CVE-2010-1758", "CVE-2010-1771", "CVE-2010-1407", "CVE-2010-1772", "CVE-2010-1664", "CVE-2010-1759", "CVE-2010-1773", "CVE-2010-1501", "CVE-2010-1774", "CVE-2010-2264", "CVE-2010-1418", "CVE-2010-1761", "CVE-2010-1665", "CVE-2010-1422", "CVE-2010-1767", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-1762", "CVE-2010-1386", "CVE-2010-1405", "CVE-2010-1421"], "description": "\nGustavo Noronha reports:\n\nDebian's Michael Gilbert has done a great job going through all\n\t CVEs released about WebKit, and including patches in the Debian\n\t package. 1.2.3 includes all of the commits from trunk to fix those,\n\t too.\n\n", "edition": 4, "modified": "2010-07-16T00:00:00", "published": "2010-07-16T00:00:00", "id": "19419B3B-92BD-11DF-B140-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/19419b3b-92bd-11df-b140-0015f2db7bde.html", "title": "webkit-gtk2 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3257", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-3113", "CVE-2010-1780", "CVE-2010-3114", "CVE-2010-3255", "CVE-2010-1815", "CVE-2010-1814", "CVE-2010-3115", "CVE-2010-3259", "CVE-2010-1812"], "description": "\nGustavo Noronha Silva reports:\n\nThe patches to fix the following CVEs are included with help from\n\t Vincent Danen and other members of the Red Hat security team:\n\n", "edition": 4, "modified": "2010-10-01T00:00:00", "published": "2010-10-01T00:00:00", "id": "E5090D2A-DBBE-11DF-82F8-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/e5090d2a-dbbe-11df-82f8-0015f2db7bde.html", "title": "Webkit-gtk2 -- Multiple Vulnabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0778", "CVE-2010-4578", "CVE-2010-4042", "CVE-2011-0482", "CVE-2010-4493", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-4492", "CVE-2010-4040"], "description": "\nGustavo Noronha Silva reports:\n\nThis release has essentially security fixes. Refer to the\n\t WebKit/gtk/NEWS file inside the tarball for details. We would like\n\t to thank the Red Hat security team (Huzaifa Sidhpurwala in\n\t particular) and Michael Gilbert from Debian for their help in\n\t checking (and pushing!) security issues affecting the WebKitGTK+\n\t stable branch for this release.\n\n", "edition": 4, "modified": "2011-02-08T00:00:00", "published": "2011-02-08T00:00:00", "id": "35ECDCBE-3501-11E0-AFCD-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/35ecdcbe-3501-11e0-afcd-0015f2db7bde.html", "title": "webkit-gtk2 -- Multiple vurnabilities.", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1787", "CVE-2010-2647", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3119", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1781", "CVE-2010-1782", "CVE-2010-1792", "CVE-2010-1784", "CVE-2010-1793"], "description": "\nGustavo Noronha Silva reports:\n\nWith help from Vincent Danen and other members of the Red Hat\n\t security team, the following CVE's where fixed.\n\n", "edition": 4, "modified": "2010-09-07T00:00:00", "published": "2010-09-07T00:00:00", "id": "9BCFD7B6-BCDA-11DF-9A6A-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/9bcfd7b6-bcda-11df-9a6a-0015f2db7bde.html", "title": "webkit-gtk2 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4197", "CVE-2010-4204", "CVE-2010-3812", "CVE-2010-4206", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-3813"], "description": "\nGustavo Noronha Silva reports:\n\nThe patches to fix the following CVEs are included with help\n\t from Huzaifa Sidhpurwala from the Red Hat security team.\n\n", "edition": 4, "modified": "2010-12-28T00:00:00", "published": "2010-12-28T00:00:00", "id": "06A12E26-142E-11E0-BEA2-0015F2DB7BDE", "href": "https://vuxml.freebsd.org/freebsd/06a12e26-142e-11e0-bea2-0015f2db7bde.html", "title": "webkit-gtk2 -- Multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:33:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4197", "CVE-2010-2651", "CVE-2011-0778", "CVE-2010-4204", "CVE-2010-3120", "CVE-2010-3812", "CVE-2010-4578", "CVE-2010-4042", "CVE-2011-0482", "CVE-2010-4493", "CVE-2010-3254", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-2900", "CVE-2010-2646", "CVE-2010-4206", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-4492", "CVE-2010-1824", "CVE-2010-4040", "CVE-2010-3813"], "description": "A large number of security issues were discovered in the WebKit browser and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of \nservice attacks, and arbitrary code execution.", "edition": 5, "modified": "2011-08-23T00:00:00", "published": "2011-08-23T00:00:00", "id": "USN-1195-1", "href": "https://ubuntu.com/security/notices/USN-1195-1", "title": "WebKit vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0049", "CVE-2010-0052", "CVE-2010-1412", "CVE-2010-1397", "CVE-2010-1416", "CVE-2010-1396", "CVE-2010-1417", "CVE-2010-3257", "CVE-2010-1409", "CVE-2010-0046", "CVE-2010-0651", "CVE-2010-1760", "CVE-2010-0054", "CVE-2010-1783", "CVE-2009-2841", "CVE-2010-1758", "CVE-2010-1787", "CVE-2010-1771", "CVE-2009-2797", "CVE-2010-1410", "CVE-2010-1807", "CVE-2010-3116", "CVE-2010-0048", "CVE-2010-3113", "CVE-2010-1415", "CVE-2010-1419", "CVE-2010-1407", "CVE-2010-1780", "CVE-2010-1766", "CVE-2010-1772", "CVE-2010-1389", "CVE-2010-1391", "CVE-2010-1664", "CVE-2010-1387", "CVE-2010-1759", "CVE-2010-2647", "CVE-2010-0650", "CVE-2010-1786", "CVE-2010-1773", "CVE-2010-1785", "CVE-2010-2648", "CVE-2010-3114", "CVE-2010-1774", "CVE-2010-1395", "CVE-2010-1400", "CVE-2010-2264", "CVE-2010-0314", "CVE-2010-1406", "CVE-2010-1418", "CVE-2010-1398", "CVE-2010-1790", "CVE-2010-1401", "CVE-2010-1788", "CVE-2010-1781", "CVE-2010-1815", "CVE-2010-1408", "CVE-2010-1403", "CVE-2010-1404", "CVE-2010-1761", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1665", "CVE-2010-3115", "CVE-2010-1792", "CVE-2010-1422", "CVE-2010-1390", "CVE-2010-1767", "CVE-2010-3259", "CVE-2010-0656", "CVE-2010-1812", "CVE-2010-1393", "CVE-2010-1770", "CVE-2010-1392", "CVE-2010-0647", "CVE-2010-1784", "CVE-2010-0053", "CVE-2010-0047", "CVE-2010-0051", "CVE-2010-1402", "CVE-2010-3248", "CVE-2010-1762", "CVE-2010-0050", "CVE-2010-1386", "CVE-2010-1764", "CVE-2010-1405", "CVE-2010-1414", "CVE-2010-1421", "CVE-2010-1394", "CVE-2010-1793"], "description": "A large number of security issues were discovered in the WebKit browser and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of \nservice attacks, and arbitrary code execution.\n\nPlease consult the bug listed at the top of this advisory to get the exact \nlist of CVE numbers fixed for each release.", "edition": 15, "modified": "2010-10-19T00:00:00", "published": "2010-10-19T00:00:00", "id": "USN-1006-1", "href": "https://ubuntu.com/security/notices/USN-1006-1", "title": "WebKit vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-1789", "CVE-2010-1796", "CVE-2010-1783", "CVE-2010-1787", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-1778", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1782", "CVE-2010-1792", "CVE-2010-1791", "CVE-2010-1784", "CVE-2010-1793"], "description": "About the security content of Safari 5.0.1 and Safari 4.1.1\r\n\r\n * Last Modified: July 28, 2010\r\n * Article: HT4276\r\n\r\n\r\nSummary\r\n\r\nThis document describes the security content of Safari 5.0.1 and Safari 4.1.1.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security, Safari 4 (Mac OS X 10.4), Safari 5 (Windows), Safari 5 (Mac OS X 10.6), Safari 5 (Mac OS X 10.5)\r\nSafari 5.0.1 and Safari 4.1.1\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2010-1778\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server\r\n\r\n Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds. Credit to Billy Rios of the Google Security Team for reporting this issue.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2010-1796\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Safari's AutoFill feature may disclose information to websites without user interaction\r\n\r\n Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari Preferences, under AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be selected. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected. Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1780\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus. Credit to Tony Chang of Google, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1782\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1783\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1784\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1785\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1786\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1787\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1788\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1789\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1790\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A reentrancy issue exists in WebKit's handling of just-in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1791\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices. Credit to Natalie Silvanovich for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1792\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions. Credit to Peter Varga of University of Szeged for reporting this issue.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2010-1793\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents. Credit to Aki Helin of OUSPG for reporting this issue.\r\n\r\n", "edition": 1, "modified": "2010-08-08T00:00:00", "published": "2010-08-08T00:00:00", "id": "SECURITYVULNS:DOC:24396", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24396", "title": "About the security content of Safari 5.0.1 and Safari 4.1.1", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-1789", "CVE-2010-1796", "CVE-2010-1783", "CVE-2010-1787", "CVE-2010-1780", "CVE-2010-1786", "CVE-2010-1785", "CVE-2010-1778", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-1782", "CVE-2010-1792", "CVE-2010-1791", "CVE-2010-1784", "CVE-2010-1793"], "description": "Information leak, crossdomain access, buffer overflows, memory corruptions.", "edition": 1, "modified": "2010-08-14T00:00:00", "published": "2010-08-14T00:00:00", "id": "SECURITYVULNS:VULN:11040", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11040", "title": "Apple Webkit / Safari multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:28:27", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0778", "CVE-2010-1783", "CVE-2010-0474", "CVE-2010-4578", "CVE-2011-0482", "CVE-2010-4493", "CVE-2010-2901", "CVE-2010-4199", "CVE-2010-4577", "CVE-2010-4492", "CVE-2010-4040"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2188-1 security@debian.org\nhttp://www.debian.org/security/ Giuseppe Iuculano\nMarch 10, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778\n\nSeveral vulnerabilities have been discovered in webkit, a Web content engine\nlibrary for Gtk+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2010-1783\n\n WebKit does not properly handle dynamic modification of a\n text node, which allows remote attackers to execute arbitrary code or cause\n a denial of service (memory corruption and application crash) via a\n crafted HTML document.\n\n\nCVE-2010-2901\n\n The rendering implementation in WebKit allows\n remote attackers to cause a denial of service (memory corruption) or possibly\n have unspecified other impact via unknown vectors.\n\n\nCVE-2010-4199\n\n WebKit does not properly perform a cast of an\n unspecified variable during processing of an SVG use element, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via a crafted SVG document.\n\n\nCVE-2010-4040\n\n WebKit does not properly handle animated GIF images,\n which allows remote attackers to cause a denial of service (memory corruption)\n or possibly have unspecified other impact via a crafted image.\n\n\nCVE-2010-4492\n\n Use-after-free vulnerability in WebKit allows\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via vectors involving SVG animations.\n\n\nCVE-2010-4493\n\n Use-after-free vulnerability in Webkit allows remote attackers to cause a\n denial of service via vectors related to the handling of mouse dragging events\n\n\nCVE-2010-4577\n\n The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in\n WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,\n which allows remote attackers to cause a denial of service\n (out-of-bounds read) via a crafted local font, related to "Type Confusion."\n\n\nCVE-2010-4578\n\n WebKit does not properly perform cursor handling, which allows remote\n attackers to cause a denial of service or possibly have unspecified other\n impact via unknown vectors that lead to "stale pointers."\n\n\nCVE-2011-0482\n\n WebKit does not properly perform a cast of an unspecified variable during\n handling of anchors, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via a crafted HTML document\n\n\nCVE-2011-0778\n\n WebKit does not properly restrict drag and drop operations, which might allow\n remote attackers to bypass the Same Origin Policy via unspecified vectors.\n\n\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 1.2.7-0+squeeze1\n\nFor the testing distribution (wheezy), and the unstable distribution (sid),\nthese problems have been fixed in version 1.2.7-1\n\n\nSecurity support for WebKit has been discontinued for the oldstable\ndistribution (lenny).\nThe current version in oldstable is not supported by upstream anymore\nand is affected by several security issues. Backporting fixes for these\nand any future issues has become unfeasible and therefore we need to\ndrop our security support for the version in oldstable.\n\nWe recommend that you upgrade your webkit packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-03-10T13:22:42", "published": "2011-03-10T13:22:42", "id": "DEBIAN:DSA-2188-1:BD07B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00055.html", "title": "[SECURITY] [DSA 2188-1] webkit security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1572", "CVE-2010-4197", "CVE-2011-2472", "CVE-2010-4204", "CVE-2010-3257", "CVE-2011-1097", "CVE-2009-4111", "CVE-2010-1783", "CVE-2011-0465", "CVE-2010-3812", "CVE-2007-4370", "CVE-2010-3389", "CVE-2010-1787", "CVE-2010-1807", "CVE-2011-2473", "CVE-2011-3366", "CVE-2010-1780", "CVE-2009-4023", "CVE-2011-1144", "CVE-2010-4578", "CVE-2011-0904", "CVE-2010-4042", "CVE-2010-2526", "CVE-2010-1786", "CVE-2011-0721", "CVE-2010-1785", "CVE-2011-3365", "CVE-2011-0482", "CVE-2011-2471", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-3374", "CVE-2011-2524", "CVE-2010-1815", "CVE-2011-0007", "CVE-2011-0905", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1792", "CVE-2011-1760", "CVE-2010-3362", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2011-1425", "CVE-2011-1072", "CVE-2011-3367", "CVE-2011-0727", "CVE-2011-1951", "CVE-2010-3813", "CVE-2010-3999", "CVE-2010-0778", "CVE-2010-1793"], "edition": 1, "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-12-09T19:34:43", "description": "Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to \"stale elements.\"", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-10-21T19:00:00", "title": "CVE-2010-4042", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4042"], "modified": "2020-07-31T19:37:00", "cpe": ["cpe:/o:opensuse:opensuse:11.2", "cpe:/o:opensuse:opensuse:11.3"], "id": "CVE-2010-4042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4042", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-11-06T00:00:00", "title": "CVE-2010-4198", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4198"], "modified": "2020-07-31T17:53:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "cpe:/a:webkitgtk:webkitgtk:1.2.6"], "id": "CVE-2010-4198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:webkitgtk:webkitgtk:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.", "edition": 6, "cvss3": {}, "published": "2010-12-07T21:00:00", "title": "CVE-2010-4493", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4493"], "modified": "2020-07-28T19:15:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2010-4493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4493", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:42", "description": "Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2010-09-07T18:00:00", "title": "CVE-2010-3255", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3255"], "modified": "2020-08-04T14:16:00", "cpe": [], "id": "CVE-2010-3255", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3255", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:34:43", "description": "Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-10-21T19:00:00", "title": "CVE-2010-4040", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4040"], "modified": "2020-07-31T17:33:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:opensuse:opensuse:11.3", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2010-4040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4040", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-11-06T00:00:00", "title": "CVE-2010-4206", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4206"], "modified": "2020-07-31T15:06:00", "cpe": ["cpe:/o:fedoraproject:fedora:13"], "id": "CVE-2010-4206", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4206", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-11-06T00:00:00", "title": "CVE-2010-4197", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4197"], "modified": "2020-07-31T17:53:00", "cpe": ["cpe:/o:fedoraproject:fedora:13"], "id": "CVE-2010-4197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4197", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-11-06T00:00:00", "title": "CVE-2010-4204", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4204"], "modified": "2020-07-31T18:25:00", "cpe": ["cpe:/o:fedoraproject:fedora:13"], "id": "CVE-2010-4204", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4204", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2010-11-06T00:00:00", "title": "CVE-2010-4199", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4199"], "modified": "2020-07-31T17:54:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2010-4199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:03", "description": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.", "edition": 6, "cvss3": {}, "published": "2011-01-14T17:00:00", "title": "CVE-2011-0482", "type": "cve", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0482"], "modified": "2020-07-24T13:56:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2011-0482", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0482", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}]}
