{"id": "SECURITYVULNS:DOC:13688", "bulletinFamily": "software", "title": "ISS BlackICE PC Protection DLL faking of run-time linked libraries Vulnerability", "description": "BlackICE does not protect pamversion.dll in its installation directory. And also because its component\r\nprotection fails to protect BlackICE processes this can be misused to inject fake DLL into BlackICE service.\r\n\r\nThe whole advisory with more details and source code is available here\r\nhttp://www.matousec.com/info/advisories/BlackICE-DLL-faking-of-run-time-linked-libraries.php\r\n\r\nRegards,\r\n\r\n\r\n-- \r\nDavid Matousek\r\n\r\nFounder and Chief Representative of Matousec - Transparent security\r\nhttp://www.matousec.com/\r\n\r\n\r\n\r\n", "published": "2006-08-02T00:00:00", "modified": "2006-08-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13688", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 1, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2018-08-31T11:10:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-7273", "CVE-2008-7272", "CVE-2014-2595", "CVE-2019-13688"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220171280", "OPENVAS:1361412562311220171281", "OPENVAS:1361412562310852714", "OPENVAS:1361412562310704562"]}, {"type": "securelist", "idList": ["SECURELIST:FD71ACDBBCF57BD4C7DE182D2309BF9D"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4562.NASL", "REDHAT-RHSA-2019-3211.NASL", "GENTOO_GLSA-201911-06.NASL", "OPENSUSE-2019-2186.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201911-06"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4562-1:58850"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2229-1", "OPENSUSE-SU-2019:2228-1", "OPENSUSE-SU-2019:2447-1", "OPENSUSE-SU-2019:2186-1"]}, {"type": "redhat", "idList": ["RHSA-2019:3211"]}], "modified": "2018-08-31T11:10:18", "rev": 2}, "vulnersScore": 6.1}, "affectedSoftware": []}

{"cve": [{"lastseen": "2020-10-03T12:01:15", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-12T01:15:00", "title": "CVE-2014-2595", "type": "cve", "cwe": ["CWE-613"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2595"], "modified": "2020-02-20T15:55:00", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "id": "CVE-2014-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:42", "description": "Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 14, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-25T15:15:00", "title": "CVE-2019-13688", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13688"], "modified": "2019-11-27T01:00:00", "cpe": [], "id": "CVE-2019-13688", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13688", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T19:28:28", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-11-18T22:15:00", "title": "CVE-2008-7273", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7273"], "modified": "2019-11-20T15:56:00", "cpe": [], "id": "CVE-2008-7273", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T19:28:28", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-08T00:15:00", "title": "CVE-2008-7272", "type": "cve", "cwe": ["CWE-312"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7272"], "modified": "2020-02-10T21:16:00", "cpe": [], "id": "CVE-2008-7272", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "openvas": [{"lastseen": "2020-01-27T18:35:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13028", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-13045", "CVE-2017-13034"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171281", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1281)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1281\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12897\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:04:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1281)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1281\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1281\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2017-1281 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13048)\n\nThe ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.(CVE-2017-13013)\n\nThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13033)\n\nThe OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().(CVE-2017-13036)\n\nThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13047)\n\nThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13025)\n\nThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13019)\n\nThe IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().(CVE-2017-12985)\n\nThe IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-13725)\n\nThe telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().(CVE-2017-12988)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12991)\n\nThe MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.(CVE-2017-13040)\n\nThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().(CVE-2017-13029)\n\nThe IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().(CVE-2017-13000)\n\nThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().(CVE-2017-13022)\n\nThe ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13039)\n\nThe IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().(CVE-2017-13031)\n\nThe PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.(CVE-2017-13030)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12994)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().(CVE-2017-13043)\n\nThe VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().(CVE-2017-13045)\n\nThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().(CVE-2017-13054, CVE-2017-12998, CVE-2017-13014, CVE-2017-13037, CVE-2017-13690 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h175\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-12998", "CVE-2017-13006", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13028", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-13045", "CVE-2017-13034"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171280", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171280", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1280)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1280\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2017-12894\", \"CVE-2017-12895\", \"CVE-2017-12897\", \"CVE-2017-12900\", \"CVE-2017-12901\", \"CVE-2017-12902\", \"CVE-2017-12985\", \"CVE-2017-12986\", \"CVE-2017-12987\", \"CVE-2017-12988\", \"CVE-2017-12989\", \"CVE-2017-12990\", \"CVE-2017-12991\", \"CVE-2017-12992\", \"CVE-2017-12993\", \"CVE-2017-12994\", \"CVE-2017-12995\", \"CVE-2017-12996\", \"CVE-2017-12997\", \"CVE-2017-12998\", \"CVE-2017-12999\", \"CVE-2017-13000\", \"CVE-2017-13001\", \"CVE-2017-13002\", \"CVE-2017-13003\", \"CVE-2017-13004\", \"CVE-2017-13005\", \"CVE-2017-13006\", \"CVE-2017-13007\", \"CVE-2017-13008\", \"CVE-2017-13009\", \"CVE-2017-13010\", \"CVE-2017-13011\", \"CVE-2017-13012\", \"CVE-2017-13013\", \"CVE-2017-13014\", \"CVE-2017-13015\", \"CVE-2017-13016\", \"CVE-2017-13017\", \"CVE-2017-13018\", \"CVE-2017-13019\", \"CVE-2017-13020\", \"CVE-2017-13021\", \"CVE-2017-13022\", \"CVE-2017-13023\", \"CVE-2017-13024\", \"CVE-2017-13025\", \"CVE-2017-13026\", \"CVE-2017-13027\", \"CVE-2017-13028\", \"CVE-2017-13029\", \"CVE-2017-13030\", \"CVE-2017-13031\", \"CVE-2017-13032\", \"CVE-2017-13033\", \"CVE-2017-13034\", \"CVE-2017-13035\", \"CVE-2017-13036\", \"CVE-2017-13037\", \"CVE-2017-13038\", \"CVE-2017-13039\", \"CVE-2017-13040\", \"CVE-2017-13041\", \"CVE-2017-13042\", \"CVE-2017-13043\", \"CVE-2017-13044\", \"CVE-2017-13045\", \"CVE-2017-13046\", \"CVE-2017-13047\", \"CVE-2017-13048\", \"CVE-2017-13049\", \"CVE-2017-13050\", \"CVE-2017-13051\", \"CVE-2017-13052\", \"CVE-2017-13053\", \"CVE-2017-13054\", \"CVE-2017-13055\", \"CVE-2017-13688\", \"CVE-2017-13689\", \"CVE-2017-13690\", \"CVE-2017-13725\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:03:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2017-1280)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1280\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1280\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tcpdump' package(s) announced via the EulerOS-SA-2017-1280 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().(CVE-2017-13048)\n\nThe ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.(CVE-2017-13013)\n\nThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().(CVE-2017-13033)\n\nThe OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().(CVE-2017-13036)\n\nThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().(CVE-2017-13047)\n\nThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().(CVE-2017-13025)\n\nThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().(CVE-2017-13019)\n\nThe IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().(CVE-2017-12985)\n\nThe IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().(CVE-2017-13725)\n\nThe telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().(CVE-2017-12988)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12991)\n\nThe MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.(CVE-2017-13040)\n\nThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().(CVE-2017-13029)\n\nThe IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().(CVE-2017-13000)\n\nThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().(CVE-2017-13022)\n\nThe ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.(CVE-2017-13039)\n\nThe IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().(CVE-2017-13031)\n\nThe PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.(CVE-2017-13030)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().(CVE-2017-12994)\n\nThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().(CVE-2017-13043)\n\nThe VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().(CVE-2017-13045)\n\nThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().(CVE-2017-13054, CVE-2017-12998, CVE-2017-13014, CVE-2017-13037, CVE-2017-13690 ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'tcpdump' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tcpdump\", rpm:\"tcpdump~4.9.0~5.h175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-09T15:52:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-13720", "CVE-2019-5877", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13691", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13702", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13709", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-13692", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13708", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "description": "The remote host is missing an update for the ", "modified": "2019-12-06T00:00:00", "published": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310704562", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704562", "type": "openvas", "title": "Debian Security Advisory DSA 4562-1 (chromium - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704562\");\n script_version(\"2019-12-06T10:04:22+0000\");\n script_cve_id(\"CVE-2019-13659\", \"CVE-2019-13660\", \"CVE-2019-13661\", \"CVE-2019-13662\", \"CVE-2019-13663\", \"CVE-2019-13664\", \"CVE-2019-13665\", \"CVE-2019-13666\", \"CVE-2019-13667\", \"CVE-2019-13668\", \"CVE-2019-13669\", \"CVE-2019-13670\", \"CVE-2019-13671\", \"CVE-2019-13673\", \"CVE-2019-13674\", \"CVE-2019-13675\", \"CVE-2019-13676\", \"CVE-2019-13677\", \"CVE-2019-13678\", \"CVE-2019-13679\", \"CVE-2019-13680\", \"CVE-2019-13681\", \"CVE-2019-13682\", \"CVE-2019-13683\", \"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\", \"CVE-2019-13691\", \"CVE-2019-13692\", \"CVE-2019-13693\", \"CVE-2019-13694\", \"CVE-2019-13695\", \"CVE-2019-13696\", \"CVE-2019-13697\", \"CVE-2019-13699\", \"CVE-2019-13700\", \"CVE-2019-13701\", \"CVE-2019-13702\", \"CVE-2019-13703\", \"CVE-2019-13704\", \"CVE-2019-13705\", \"CVE-2019-13706\", \"CVE-2019-13707\", \"CVE-2019-13708\", \"CVE-2019-13709\", \"CVE-2019-13710\", \"CVE-2019-13711\", \"CVE-2019-13713\", \"CVE-2019-13714\", \"CVE-2019-13715\", \"CVE-2019-13716\", \"CVE-2019-13717\", \"CVE-2019-13718\", \"CVE-2019-13719\", \"CVE-2019-13720\", \"CVE-2019-13721\", \"CVE-2019-5869\", \"CVE-2019-5870\", \"CVE-2019-5871\", \"CVE-2019-5872\", \"CVE-2019-5874\", \"CVE-2019-5875\", \"CVE-2019-5876\", \"CVE-2019-5877\", \"CVE-2019-5878\", \"CVE-2019-5879\", \"CVE-2019-5880\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-06 10:04:22 +0000 (Fri, 06 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-12 03:00:49 +0000 (Tue, 12 Nov 2019)\");\n script_name(\"Debian Security Advisory DSA 4562-1 (chromium - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4562.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4562-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the DSA-4562-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2019-5869\nZhe Jin discovered a use-after-free issue.\n\nCVE-2019-5870\nGuang Gong discovered a use-after-free issue.\n\nCVE-2019-5871\nA buffer overflow issue was discovered in the skia library.\n\nCVE-2019-5872\nZhe Jin discovered a use-after-free issue.\n\nCVE-2019-5874\nJames Lee discovered an issue with external Uniform Resource Identifiers.\n\nCVE-2019-5875\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2019-5876\nMan Yue Mo discovered a use-after-free issue.\n\nCVE-2019-5877\nGuang Gong discovered an out-of-bounds read issue.\n\nCVE-2019-5878\nGuang Gong discovered an use-after-free issue in the v8 javascript\nlibrary.\n\nCVE-2019-5879\nJinseo Kim discover that extensions could read files on the local\nsystem.\n\nCVE-2019-5880\nJun Kokatsu discovered a way to bypass the SameSite cookie feature.\n\nCVE-2019-13659\nLnyas Zhang discovered a URL spoofing issue.\n\nCVE-2019-13660\nWenxu Wu discovered a user interface error in full screen mode.\n\nCVE-2019-13661\nWenxu Wu discovered a user interface spoofing issue in full screen mode.\n\nCVE-2019-13662\nDavid Erceg discovered a way to bypass the Content Security Policy.\n\nCVE-2019-13663\nLnyas Zhang discovered a way to spoof Internationalized Domain Names.\n\nCVE-2019-13664\nThomas Shadwell discovered a way to bypass the SameSite cookie feature.\n\nCVE-2019-13665\nJun Kokatsu discovered a way to bypass the multiple file download\nprotection feature.\n\nCVE-2019-13666\nTom Van Goethem discovered an information leak.\n\nCVE-2019-13667\nKhalil Zhani discovered a URL spoofing issue.\n\nCVE-2019-13668\nDavid Erceg discovered an information leak.\n\nCVE-2019-13669\nKhalil Zhani discovered an authentication spoofing issue.\n\nCVE-2019-13670\nGuang Gong discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2019-13671\nxisigr discovered a user interface error.\n\nCVE-2019-13673\nDavid Erceg discovered an information leak.\n\nCVE-2019-13674\nKhalil Zhani discovered a way to spoof Internationalized Domain Names.\n\nCVE-2019-13675\nJun Kokatsu discovered a way to disable extensions.\n\nCVE-2019-13676\nWenxu Wu discovered an error in a certificate warning.\n\nCVE-2019-13677\nJun Kokatsu discovered an error in the chrome web store.\n\nCVE-2019-13678\nRonni Skansing discovered a spoofing issue in the download dialog window.\n\nCVE-2019-13679\nConrad Irwin discovered that user activation was not required for\nprinting.\n\nCVE-2019-13680\nThijs Alkamade discovered an IP address spoofing issue.\n\nCVE-2019-13681\nDavid Erceg discovered a way to bypass download restrictions.\n\nCVE-2019-13682\nJun Kokatsu discovered a way to bypass the site iso ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), support for chromium has been\ndiscontinued. Please upgrade to the stable release (buster) to continue\nreceiving chromium updates or switch to firefox, which continues to be\nsupported in the oldstable release.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 78.0.3904.97-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"chromium\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-common\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-driver\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-sandbox\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"chromium-shell\", ver:\"78.0.3904.97-1~deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:48:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13687", "CVE-2019-13686", "CVE-2019-13685", "CVE-2019-13688"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-09-26T00:00:00", "id": "OPENVAS:1361412562310852714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852714", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2186-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852714\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-26 02:01:32 +0000 (Thu, 26 Sep 2019)\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2019:2186-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2186-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00070.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the openSUSE-SU-2019:2186-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for chromium to version 77.0.3865.90 fixes the following\n issues:\n\n - CVE-2019-13685: Fixed a use-after-free in UI. (boo#1151229)\n\n - CVE-2019-13688: Fixed a use-after-free in media. (boo#1151229)\n\n - CVE-2019-13687: Fixed a use-after-free in media. (boo#1151229)\n\n - CVE-2019-13686: Fixed a use-after-free in offline pages. (boo#1151229)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2186=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2186=1\");\n\n script_tag(name:\"affected\", value:\"'chromium' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~77.0.3865.90~lp150.242.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~77.0.3865.90~lp150.242.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~77.0.3865.90~lp150.242.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~77.0.3865.90~lp150.242.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~77.0.3865.90~lp150.242.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securelist": [{"lastseen": "2019-11-29T14:41:16", "bulletinFamily": "blog", "cvelist": ["CVE-2017-0199", "CVE-2017-11882", "CVE-2017-8570", "CVE-2017-8759", "CVE-2018-0802", "CVE-2019-0708", "CVE-2019-1181", "CVE-2019-1182", "CVE-2019-1222", "CVE-2019-1223", "CVE-2019-1224", "CVE-2019-1225", "CVE-2019-1226", "CVE-2019-1367", "CVE-2019-13685", "CVE-2019-13686", "CVE-2019-13687", "CVE-2019-13688", "CVE-2019-14743", "CVE-2019-15315"], "description": "\n\n_These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network:\n\n * Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe.\n * 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.\n * Attempted infections by malware designed to steal money via online access to bank accounts were blocked on the computers of 197,559 users.\n * Ransomware attacks were defeated on the computers of 229,643 unique users.\n * Our File Anti-Virus detected 230,051,054 unique malicious and potentially unwanted objects.\n * Kaspersky products for mobile devices detected: \n * 870,617 malicious installation packages\n * 13,129 installation packages for mobile banking Trojans\n * 13,179 installation packages for mobile ransomware Trojans\n\n## Mobile threats\n\n### Quarterly highlights\n\nIn Q3 2019, we discovered an extremely [unpleasant incident](<https://securelist.com/dropper-in-google-play/92496/>) with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper's task was to activate paid subscriptions, although it could deliver another payload if required.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171243/malware-q3-2019-statistics-en-1.png>)\n\nAnother interesting Trojan detected in Q3 2019 is Trojan.AndroidOS.Agent.vn. Its main function is to \"like\" Facebook posts when instructed by its handlers. Interestingly, to make the click, the Trojan attacks the Facebook mobile app on the infected device, literally forcing it to execute its command.\n\nIn the same quarter, we discovered [new FinSpy spyware Trojans](<https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/>) for iOS and Android. In the fresh versions, the focus is on snooping on correspondence in messaging apps. The iOS version requires a [jailbreak](<https://encyclopedia.kaspersky.com/glossary/jailbreak/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) to do its job, while the Android version is able to spy on the encrypted Threema app among others.\n\n### Mobile threat statistics\n\nIn Q3 2019, Kaspersky detected 870,617 malicious installation packages.\n\n_Number of detected malicious installation packages, Q4 2018 \u2013 Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171249/malware-q3-2019-statistics-en-2.png>)\n\nWhereas in previous quarters we observed a noticeable drop in the number of new installation packages, Q3's figure was up by 117,067 packages compared to the previous quarter.\n\n### Distribution of detected mobile apps by type\n\n_Distribution of detected mobile apps by type, Q2 and Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/29125517/malware-q3-2019-statistics-en-3.png>)\n\nAmong all the mobile threats detected in Q3 2019, the lion's share went to potentially unsolicited RiskTool-class programs (32.1%), which experienced a fall of 9 p.p. against the previous quarter. The most frequently detected objects were in the RiskTool.AndroidOS families: Agent (33.07% of all detected threats in this class), RiskTool.AndroidOS.Wapron (16.43%), and RiskTool.AndroidOS.Smssend (10.51%).\n\nSecond place went to miscellaneous Trojans united under the Trojan class (21.68%), their share increased by 10 p.p. The distribution within the class was unchanged since the previous quarter, with the Trojan.AndroidOS.Hiddapp (32.5%), Trojan.AndroidOS.Agent (12.8%), and Trojan.AndroidOS.Piom (9.1% ) families remaining in the lead. Kaspersky's machine-learning systems made a significant contribution to detecting threats: Trojans detected by this technology (the Trojan.AndroidOS.Boogr verdict) made up 28.7% \u2014 second place after Hiddapp.\n\nIn third place were Adware-class programs (19.89%), whose share rose by 1 p.p. in the reporting period. Most often, adware programs belonged to one of the following families: AdWare.AndroidOS.Ewind (20.73% of all threats in this class), AdWare.AndroidOS.Agent (20.36%), and AdWare.AndroidOS.MobiDash (14.27%).\n\nThreats in the Trojan-Dropper class (10.44%) remained at the same level with insignificant (0.5 p.p.) growth. The vast majority of detected droppers belonged to the Trojan-Dropper.AndroidOS.Wapnor family (69.7%). A long way behind in second and third place, respectively, were Trojan-Dropper.AndroidOS.Wroba (14.58%) and Trojan-Dropper.AndroidOS.Agent (8.75%).\n\n### TOP 20 mobile malware programs\n\n_Note that this malware rating does not include potentially dangerous or unwanted programs classified as RiskTool or adware._\n\n| Verdict | %* \n---|---|--- \n1 | DangerousObject.Multi.Generic | 48.71 \n2 | Trojan.AndroidOS.Boogr.gsh | 9.03 \n3 | Trojan.AndroidOS.Hiddapp.ch | 7.24 \n4 | Trojan.AndroidOS.Hiddapp.cr | 7.23 \n5 | Trojan-Dropper.AndroidOS.Necro.n | 6.87 \n6 | DangerousObject.AndroidOS.GenericML | 4.34 \n7 | Trojan-Downloader.AndroidOS.Helper.a | 1.99 \n8 | Trojan-Banker.AndroidOS.Svpeng.ak | 1.75 \n9 | Trojan-Dropper.AndroidOS.Agent.ok | 1.65 \n10 | Trojan-Dropper.AndroidOS.Hqwar.gen | 1.52 \n11 | Trojan-Dropper.AndroidOS.Hqwar.bb | 1.46 \n12 | Trojan-Downloader.AndroidOS.Necro.b | 1.45 \n13 | Trojan-Dropper.AndroidOS.Lezok.p | 1.44 \n14 | Trojan.AndroidOS.Hiddapp.cf | 1.41 \n15 | Trojan.AndroidOS.Dvmap.a | 1.27 \n16 | Trojan.AndroidOS.Agent.rt | 1.24 \n17 | Trojan-Banker.AndroidOS.Asacub.snt | 1.21 \n18 | Trojan-Dropper.AndroidOS.Necro.q | 1.19 \n19 | Trojan-Dropper.AndroidOS.Necro.l | 1.12 \n20 | Trojan-SMS.AndroidOS.Prizmes.a | 1.12 \n \n_* Unique users attacked by this malware as a percentage of all users of Kaspersky mobile solutions that were attacked._\n\nFirst place in our TOP 20 as ever went to DangerousObject.Multi.Generic (48.71%), the verdict we use for malware detected [using cloud technologies](<https://www.kaspersky.com/enterprise-security/wiki-section/products/big-data-the-astraea-technology>). Cloud technologies are deployed when the antivirus databases lack data for detecting a piece of malware, but the company's cloud already contains information about the object. This is basically how the latest malicious programs are detected.\n\nSecond and six places were claimed by Trojan.AndroidOS.Boogr.gsh (9.03%) and DangerousObject.AndroidOS.GenericML (4.34%). These verdicts are assigned to files recognized as malicious by our [machine-learning systems](<https://www.kaspersky.com/enterprise-security/wiki-section/products/machine-learning-in-cybersecurity>).\n\nThird, fourth, and fourteenth places were taken by members of the Trojan.AndroidOS.Hiddapp family, whose task is to covertly foist ads onto victims.\n\nFifth, twelfth, eighteenth, and nineteenth positions went to Trojan droppers of the Necro family. Although this family showed up on the radar last quarter, really serious activity was observed only in this reporting period.\n\nSeventh place goes to Trojan-Downloader.AndroidOS.Helper.a (1.99%), which is what members of the Necro family usually extract from themselves. Helper.a is tasked with downloading arbitrary code from malicious servers and running it.\n\nThe eighth place was taken by the malware Trojan-Banker.AndroidOS.Svpeng.ak (1.75%), the main task of which is to steal online banking credentials and intercept two-factor authorization codes.\n\nNinth position went to Trojan-Dropper.AndroidOS.Agent.ok (1.65%), which is distributed under the guise of FlashPlayer or a Rapidshare client. Most commonly, it drops adware modules into the infected system.\n\nTenth and eleventh places went to members of the Trojan-Banker.AndroidOS.Hqwar family. The popularity of this dropper among cybercriminals [continues to fall](<https://securelist.com/hqwar-the-higher-it-flies-the-harder-it-drops/93689/>).\n\n### Geography of mobile threats\n\n_Geography of mobile malware infection attempts, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171307/malware-q3-2019-statistics-en-4.png>)\n\n**TOP 10 countries by share of users attacked by mobile malware**\n\n| Country* | %** \n---|---|--- \n1 | Iran | 52.68 \n2 | Bangladesh | 30.94 \n3 | India | 28.75 \n4 | Pakistan | 28.13 \n5 | Algeria | 26.47 \n6 | Indonesia | 23.38 \n7 | Nigeria | 22.46 \n8 | Tanzania | 21.96 \n9 | Saudi Arabia | 20.05 \n10 | Egypt | 19.44 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky mobile solutions (under 10,000)._ \n_** Unique users attacked by mobile bankers as a percentage of all users of Kaspersky mobile solutions in the country._\n\nIn Q3's TOP 10, Iran (52.68%) retained top spot by share of attacked users. Note that over the reporting period the country's share almost doubled. Kaspersky users in Iran most often encountered the adware app AdWare.AndroidOS.Agent.fa (22.03% of the total number of mobile threats), adware installing Trojan.AndroidOS.Hiddapp.bn (14.68% ) and the potentially unwanted program RiskTool.AndroidOS.Dnotua.yfe (8.84%).\n\nBangladesh (30.94%) retained second place in the ranking. Users in this country most frequently encountered adware programs, including AdWare.AndroidOS.Agent.f\u0441 (27.58% of the total number of mobile threats) and AdWare.AndroidOS.HiddenAd.et (12.65%), as well as Trojan.AndroidOS.Hiddapp.cr (20.05%), which downloads adware programs.\n\nIndia (28.75%) climbed to third place due to the same threats that were more active than others in Bangladesh: AdWare.AndroidOS.Agent.f\u0441 (36.19%), AdWare.AndroidOS.HiddenAd.et (17.17%) and Trojan.AndroidOS.Hiddapp.cr (22.05%).\n\n### Mobile banking Trojans\n\nIn the reporting period, we detected **13,129** installation packages for mobile banking Trojans, only 770 fewer than in Q2 2019.\n\nThe largest contributions to the statistics came from the Trojan-Banker.AndroidOS.Svpeng (40.59% of all detected banking Trojans), Trojan-Banker.AndroidOS. Agent (11.84%), and Trojan-Banker.AndroidOS.Faketoken (11.79%) families.\n\n_Number of installation packages for mobile banking Trojans detected by Kaspersky, Q3 2018 \u2013 Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171313/malware-q3-2019-statistics-en-5.png>)\n\n**TOP 10 mobile banking Trojans**\n\n| Verdict | %* \n---|---|--- \n1 | Trojan-Banker.AndroidOS.Svpeng.ak | 16.85 \n2 | Trojan-Banker.AndroidOS.Asacub.snt | 11.61 \n3 | Trojan-Banker.AndroidOS.Svpeng.q | 8.97 \n4 | Trojan-Banker.AndroidOS.Asacub.ce | 8.07 \n5 | Trojan-Banker.AndroidOS.Agent.ep | 5.51 \n6 | Trojan-Banker.AndroidOS.Asacub.a | 5.27 \n7 | Trojan-Banker.AndroidOS.Faketoken.q | 5.26 \n8 | Trojan-Banker.AndroidOS.Agent.eq | 3.62 \n9 | Trojan-Banker.AndroidOS.Faketoken.snt | 2.91 \n10 | Trojan-Banker.AndroidOS.Asacub.ar | 2.81 \n \n_* Unique users attacked by this malware as a percentage of all users of Kaspersky mobile solutions that were attacked by banking threats._\n\nThe TOP 10 banking threats in Q3 2019 was headed by Trojans of the Trojan-Banker.AndroidOS.Svpeng family: Svpeng.ak (16.85%) took first place, and Svpeng.q (8.97%) third. This is not the first time we have detected amusing obfuscation in Trojans from Russian-speaking cybercriminals \u2014 this time the code of the malware Svpeng.ak featured the names of video games.\n\n[](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171317/malware-q3-2019-statistics-en-6.png>)\n\n_Snippets of decompiled code from Trojan-Banker.AndroidOS.Svpeng.ak_\n\nSecond, fourth, sixth, and tenth positions in Q3 went to the Asacub Trojan family. Despite a decrease in activity, Asacub samples are still found on devices around the world.\n\n_Geography of mobile banking threats, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171323/malware-q3-2019-statistics-en-7.png>)\n\n**TOP 10 countries by share of users attacked by mobile banking Trojans:**\n\n| Country* | %** \n---|---|--- \n1 | Russia | 0.30 \n2 | South Africa | 0.20 \n3 | Kuwait | 0.18 \n4 | Tajikistan | 0.13 \n5 | Spain | 0.12 \n6 | Indonesia | 0.12 \n7 | China | 0.11 \n8 | Singapore | 0.11 \n9 | Armenia | 0.10 \n10 | Uzbekistan | 0.10 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky mobile solutions (under 10,000)._ \n_** Unique users attacked by mobile banking Trojans as a percentage of all users of Kaspersky mobile solutions in the country._\n\nIn Q3 Russia moved up to first place (0.30%), which impacted the entire pattern of mobile bankers spread around the world. Users in Russia were most often targeted with Trojan-Banker.AndroidOS.Svpeng.ak (17.32% of all attempts to infect unique users with mobile financial malware). The same Trojan made it into the TOP 10 worldwide. It is a similar story with second and third places: Trojan-Banker.AndroidOS.Asacub.snt (11.86%) and Trojan-Banker.AndroidOS.Svpeng.q (9.20%).\n\nSouth Africa fell to second place (0.20%), where for the second quarter in a row Trojan-Banker.AndroidOS.Agent.dx (89.80% of all mobile financial malware) was the most widespread threat.\n\nBronze went to Kuwait (0.21%), where, like in South Africa, Trojan-Banker.AndroidOS.Agent.dx (75%) was most often encountered.\n\n### Mobile ransomware Trojans\n\nIn Q3 2019, we detected 13,179 installation packages for mobile ransomware \u2014 10,115 fewer than last quarter. We observed a similar drop in Q2, so since the start of the year the number of mobile ransomware Trojans has decreased almost threefold. The reason, as we see it, is the decline in activity of the group behind the Asacub Trojan.\n\n_Number of installation packages for mobile banking Trojans, Q3 2018 \u2013 Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171329/malware-q3-2019-statistics-en-8.png>)\n\n**TOP 10 mobile ransomware Trojans**\n\n| Verdict | %* \n---|---|--- \n1 | Trojan-Ransom.AndroidOS.Svpeng.aj | 40.97 \n2 | Trojan-Ransom.AndroidOS.Small.as | 8.82 \n3 | Trojan-Ransom.AndroidOS.Svpeng.ah | 5.79 \n4 | Trojan-Ransom.AndroidOS.Rkor.i | 5.20 \n5 | Trojan-Ransom.AndroidOS.Rkor.h | 4.78 \n6 | Trojan-Ransom.AndroidOS.Small.o | 3.60 \n7 | Trojan-Ransom.AndroidOS.Svpeng.ai | 2.93 \n8 | Trojan-Ransom.AndroidOS.Small.ce | 2.93 \n9 | Trojan-Ransom.AndroidOS.Fusob.h | 2.72 \n10 | Trojan-Ransom.AndroidOS.Small.cj | 2.66 \n \n_* Unique users attacked by this malware as a percentage of all users of Kaspersky mobile solutions that were attacked by ransomware Trojans._\n\nIn Q3 2019, the leading positions among ransomware Trojans were retained by members of the Trojan-Ransom.AndroidOS.Svpeng family. Top spot, as in the previous quarter, was claimed by Svpeng.aj (40.97%), with Svpeng.ah (5.79%) in third.\n\n_Geography of mobile ransomware Trojans, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171337/malware-q3-2019-statistics-en-9.png>)\n\n**TOP 10 countries by share of users attacked by mobile ransomware Trojans:**\n\n| Country* | %** \n---|---|--- \n1 | US | 1.12 \n2 | Iran | 0.25 \n3 | Kazakhstan | 0.25 \n4 | Oman | 0.09 \n5 | Qatar | 0.08 \n6 | Saudi Arabia | 0.06 \n7 | Mexico | 0.05 \n8 | Pakistan | 0.05 \n9 | Kuwait | 0.04 \n10 | Indonesia | 0.04 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky mobile solutions (under 10,000)._ \n_** Unique users attacked by mobile ransomware Trojans as a percentage of all users of Kaspersky mobile solutions in the country._\n\nThe leaders by number of users attacked by mobile ransomware Trojans, as in the previous quarter, were the US (1.12%), Iran (0.25%), and Kazakhstan (0.25%)\n\n## Attacks on Apple macOS\n\nQ3 saw a lull in the emergence of new threats. An exception was the distribution of a [modified version](<https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/>) of the Stockfolio investment app, which contained an encrypted reverse shell backdoor.\n\n### TOP 20 threats for macOS\n\n| Verdict | %* \n---|---|--- \n1 | Trojan-Downloader.OSX.Shlayer.a | 22.71 \n2 | AdWare.OSX.Pirrit.j | 14.43 \n3 | AdWare.OSX.Pirrit.s | 11.73 \n4 | AdWare.OSX.Pirrit.p | 10.43 \n5 | AdWare.OSX.Pirrit.o | 9.71 \n6 | AdWare.OSX.Bnodlero.t | 8.40 \n7 | AdWare.OSX.Spc.a | 7.32 \n8 | AdWare.OSX.Cimpli.d | 6.92 \n9 | AdWare.OSX.MacSearch.a | 4.88 \n10 | Adware.OSX.Agent.d | 4.71 \n11 | AdWare.OSX.Ketin.c | 4.63 \n12 | AdWare.OSX.Ketin.b | 4.10 \n13 | Downloader.OSX.InstallCore.ab | 4.01 \n14 | AdWare.OSX.Cimpli.e | 3.86 \n15 | AdWare.OSX.Bnodlero.q | 3.78 \n16 | AdWare.OSX.Cimpli.f | 3.76 \n17 | AdWare.OSX.Bnodlero.x | 3.49 \n18 | AdWare.OSX.Mcp.a | 3.26 \n19 | AdWare.OSX.MacSearch.d | 3.18 \n20 | AdWare.OSX.Amc.a | 3.15 \n \n_* Unique users attacked by this malware as a percentage of all users of Kaspersky security solutions for macOS that were attacked._\n\nLike last quarter, the adware Trojan Shlayer was the top threat for macOS. This malware in turn downloaded adware programs of the Pirrit family, as a result of which its members took the second to fifth positions in our ranking.\n\n### Threat geography\n\n| Country* | %** \n---|---|--- \n1 | France | 6.95 \n2 | India | 6.24 \n3 | Spain | 5.61 \n4 | Italy | 5.29 \n5 | US | 4.84 \n6 | Russia | 4.79 \n7 | Brazil | 4.75 \n8 | Mexico | 4.68 \n9 | Canada | 4.46 \n10 | Australia | 4.27 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000)_ \n_** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nThe geographical distribution of attacked users underwent some minor changes: India took silver with 6.24% of attacked users, while Spain came in third with 5.61%. France (6.95%) hung on to first position.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q3, the trend continued toward a decrease in the number of IP addresses of devices used to carry out attacks on Kaspersky Telnet honeypots. If in Q2 Telnet's share was still significantly higher than that of SSH, in Q3 the figures were almost equal. \n \nSSH | 48.17% \nTelnet | 51.83% \n \n_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q3 2019_\n\nAs for the number of sessions involving Kaspersky [traps](<https://encyclopedia.kaspersky.com/glossary/honeypot-glossary/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>), we noted that in Q3 Telnet-based control was also deployed more often. \n \nSSH | 40.81% \nTelnet | 59.19% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q3 2019_\n\n### Telnet-based attacks\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky Telnet traps, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171344/malware-q3-2019-statistics-en-10.png>)\n\n**TOP 10 countries by location of devices from which telnet-based attacks were carried out on Kaspersky traps**\n\n| Country | %* \n---|---|--- \n1 | China | 13.78 \n2 | Egypt | 10.89 \n3 | Brazil | 8.56 \n4 | Taiwan | 8.33 \n5 | US | 4.71 \n6 | Russia | 4.35 \n7 | Turkey | 3.47 \n8 | Vietnam | 3.44 \n9 | Greece | 3.43 \n10 | India | 3.41 \n \nLast quarter's leaders Egypt (10.89%), China (13.78%), and Brazil (8.56%) again made up the TOP 3, the only difference being that this time China took the first place.\n\nTelnet-based attacks most often resulted in the download of a member of the notorious Mirai family.\n\n**TOP 10 malware downloaded to infected IoT devices via successful telnet-based attacks **\n\n| Verdict | %* \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 38.08 \n2 | Trojan-Downloader.Linux.NyaDrop.b | 27.46 \n3 | Backdoor.Linux.Mirai.ba | 16.52 \n4 | Backdoor.Linux.Gafgyt.bj | 2.76 \n5 | Backdoor.Linux.Mirai.au | 2.21 \n6 | Backdoor.Linux.Mirai.c | 2.02 \n7 | Backdoor.Linux.Mirai.h | 1.81 \n8 | Backdoor.Linux.Mirai.ad | 1.66 \n9 | Backdoor.Linux.Gafgyt.az | 0.86 \n10 | Backdoor.Linux.Mirai.a | 0.80 \n \n_* Share of malware type in the total amount of malware downloaded to IoT devices following a successful Telnet-based attack._\n\n### SSH-based attacks\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky SSH traps, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171352/malware-q3-2019-statistics-en-11.png>)\n\n**TOP 10 countries by location of devices from which attacks were made on Kaspersky SSH traps**\n\n| Country | %* \n---|---|--- \n1 | Egypt | 17.06 \n2 | Vietnam | 16.98 \n3 | China | 13.81 \n4 | Brazil | 7.37 \n5 | Russia | 6.71 \n6 | Thailand | 4.53 \n7 | US | 4.13 \n8 | Azerbaijan | 3.99 \n9 | India | 2.55 \n10 | France | 1.53 \n \nIn Q3 2019, the largest number of attacks on Kaspersky traps using the SSH protocol came from Egypt (17.06%). Vietnam (16.98%) and China (13.81%) took second and third places, respectively.\n\n## Financial threats\n\n### Financial threat statistics\n\nIn Q3 2019, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 197,559 users.\n\n_Number of unique users attacked by financial malware, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171358/malware-q3-2019-statistics-en-12.png>)\n\n### Attack geography\n\nTo evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country we calculated the share of users of Kaspersky products that faced this threat during the reporting period out of all users of our products in that country.\n\n_Geography of banking malware attacks, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171406/malware-q3-2019-statistics-en-13.png>)\n\n**TOP 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Belarus | 2.9 \n2 | Uzbekistan | 2.1 \n3 | South Korea | 1.9 \n4 | Venezuela | 1.8 \n5 | Tajikistan | 1.4 \n6 | Afghanistan | 1.3 \n7 | China | 1.2 \n8 | Syria | 1.2 \n9 | Yemen | 1.2 \n10 | Sudan | 1.1 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000)._ \n_** Unique users whose computers were targeted by banking Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n**TOP 10 banking malware families**\n\n| Name | Verdicts | %* \n---|---|---|--- \n1 | Zbot | Trojan.Win32.Zbot | 26.7 | \n2 | Emotet | Backdoor.Win32.Emotet | 23.9 | \n3 | RTM | Trojan-Banker.Win32.RTM | 19.3 | \n4 | Nimnul | Virus.Win32.Nimnul | 6.6 | \n5 | Trickster | Trojan.Win32.Trickster | 5.8 | \n6 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 5.4 | \n7 | Nymaim | Trojan.Win32.Nymaim | 3.6 | \n8 | SpyEye | Trojan-Spy.Win32.SpyEye | 3.4 | \n9 | Danabot | Trojan-Banker.Win32.Danabot | 3.3 | \n10 | Neurevt | Trojan.Win32.Neurevt | 1.8 | \n \n_** Unique users attacked by this malware as a percentage of all users attacked by financial malware._\n\nThe TOP 3 in Q3 2019 had the same faces as last quarter, only in a different order: the RTM family (19.3%) dropped from first to third, shedding almost 13 p.p., allowing the other two \u2014 Zbot (26.7%) and Emotet (23.9%) \u2014 to climb up. Last quarter we noted a decline in the activity of Emotet servers, but in Q3 it came back on track, with Emotet's share growing by more than 15 p.p.\n\nFourth and fifth places did not change at all \u2014 still occupied by Nimnul (6.6%) and Trickster (5.8%). Their scores rose insignificantly, less than 1 p.p. Of the new entries in our TOP 10, worth noting is the banker CliptoShuffler (5.4%), which stormed straight into sixth place.\n\n## Ransomware programs\n\n### Quarterly highlights\n\nThe number of ransomware attacks against [government](<https://threatpost.com/ransomware-demand-massachusetts-city-no-thanks/148034/>) [agencies](<https://threatpost.com/coordinated-ransomware-attack-hits-23-texas-government-agencies/147457/>), as well as organizations in the healthcare, [education](<https://www.bleepingcomputer.com/news/security/monroe-college-hit-with-ransomware-2-million-demanded/>), and [energy](<https://www.bleepingcomputer.com/news/security/ransomware-attack-cripples-power-company-s-entire-network/>) sectors, continues to rise. This trend we [noted](<https://securelist.com/it-threat-evolution-q2-2019-statistics/92053/#glavnye-sobytiya-kvartala>) back in the previous quarter.\n\nA [new type of attack](<https://threatpost.com/linux-ransomware-nas-servers/146441/>), one on network attached storages (NAS), is gaining ground. The infection scheme involves attackers scanning IP address ranges in search of NAS devices accessible via the Internet. Generally, only the web interface is accessible from the outside, protected by an authentication page; however, a number of devices have vulnerabilities in the firmware. This enables cybercriminals, by means of an exploit, to install on the device a Trojan that encrypts all data on NAS-connected media. This is a particularly dangerous attack, since in many cases the NAS is used to store backups, and such devices are generally perceived by their owners as a reliable means of storage, and the mere possibility of an infection can come as a shock.\n\n[Wipers](<https://encyclopedia.kaspersky.com/glossary/wiper/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) have also become a [more frequent attack tool](<https://www.bleepingcomputer.com/news/security/destructive-ordinypt-malware-hitting-germany-in-new-spam-campaign/>). Like ransomware, such programs rename files and make ransom demands. But these Trojans irreversibly ruin the file contents (replacing them with zeros or random bytes), so even if the victim pays up, the original files are lost.\n\nThe FBI published decryption keys for GandCrab (verdict Trojan-Ransom.Win32.GandCrypt) versions 4 and 5. The decryption was added to the latest [RakhniDecryptor](<https://support.kaspersky.com/10556>) build.\n\n### Number of new modifications\n\nIn Q3 2019, we identified three new families of ransomware Trojans and discovered 13,138 new modifications of this malware.\n\n_Number of new ransomware modifications, Q3 2018 \u2013 Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171414/malware-q3-2019-statistics-en-14.png>)\n\n### Number of users attacked by ransomware Trojans\n\nIn Q3 2019, Kaspersky products defeated ransomware attacks against 229,643 unique KSN users. This is slightly fewer than the previous quarter.\n\n_Number of unique users attacked by ransomware Trojans, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171421/malware-q3-2019-statistics-en-15.png>)\n\nJuly saw the largest number of attacked users \u2014 100,380, almost 20,000 more than in June. After that, however, this indicator fell sharply and did not stray far from the figure of 90,000 attacked users.\n\n### Attack geography\n\n_Geographical spread of countries by share of users attacked by ransomware Trojans, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171430/malware-q3-2019-statistics-en-16.png>)\n\n**TOP 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **% of users attacked by cryptors**** \n---|---|--- \n1 | Bangladesh | 6.39 \n2 | Mozambique | 2.96 \n3 | Uzbekistan | 2.26 \n4 | Nepal | 1.71 \n5 | Ethiopia | 1.29 \n6 | Ghana | 1.19 \n7 | Afghanistan | 1.12 \n8 | Egypt | 0.83 \n9 | Palestine | 0.80 \n10 | Vietnam | 0.79 \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000)._ \n_** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### TOP 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts** | **% of attacked users*** \n---|---|---|--- \n1 | WannaCry | Trojan-Ransom.Win32.Wanna | 20.96 | \n2 | (generic verdict) | Trojan-Ransom.Win32.Phny | 20.01 | \n3 | GandCrab | Trojan-Ransom.Win32.GandCrypt | 8.58 | \n4 | (generic verdict) | Trojan-Ransom.Win32.Gen | 8.36 | \n5 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 6.56 | \n6 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 5.08 | \n7 | Stop | Trojan-Ransom.Win32.Stop | 4.63 | \n8 | Rakhni | Trojan-Ransom.Win32.Rakhni | 3.97 | \n9 | (generic verdict) | Trojan-Ransom.Win32.Crypmod | 2.77 | \n10 | PolyRansom/VirLock | Virus.Win32.PolyRansom \nTrojan-Ransom.Win32. PolyRansom | 2.50 | \n| | | | | \n \n_* Unique Kaspersky users attacked by the specified family of ransomware Trojans as a percentage of all users attacked by ransomware Trojans._\n\n## Miners\n\n### Number of new modifications\n\nIn Q3 2019, Kaspersky solutions detected 11 753 new modifications of miners.\n\n_Number of new miner modifications, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171437/malware-q3-2019-statistics-en-17.png>)\n\n### Number of users attacked by miners\n\nIn Q3, we detected attacks using miners on the computers of 639,496 unique users of Kaspersky products worldwide.\n\n_Number of unique users attacked by miners, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171445/malware-q3-2019-statistics-en-18.png>)\n\nThe number of attacked users continued to decline in Q3, down to 282,334 in August. In September, this indicator began to grow \u2014 up to 297,394 \u2014 within touching distance of July's figure.\n\n### Attack geography\n\n_Geographical spread of countries by share of users attacked by miners, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171455/malware-q3-2019-statistics-en-19.png>)\n\n**TOP 10 countries by share of users attacked by miners**\n\n| **Country*** | **% of users attacked by miners**** \n---|---|--- \n1 | Afghanistan | 9.42 \n2 | Ethiopia | 7.29 \n3 | Uzbekistan | 4.99 \n4 | Sri Lanka | 4.62 \n5 | Tanzania | 4.35 \n6 | Vietnam | 3.72 \n7 | Kazakhstan | 3.66 \n8 | Mozambique | 3.44 \n9 | Rwanda | 2.55 \n10 | Bolivia | 2.43 \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000)._ \n_** Unique users whose computers were attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by cybercriminals during cyber attacks\n\nAs before, in the statistics on the distribution of exploits used by cybercriminals, a huge share belongs to vulnerabilities in the Microsoft Office suite (73%). Most common of all, as in the previous quarter, were stack overflow errors ([CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>)) in the Equation Editor application, which was previously part of Microsoft Office. Other Microsoft Office vulnerabilities widely exploited this quarter were again [CVE-2017-8570](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570>), [CVE-2017-8759](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759>), and [CVE-2017-0199](<https://nvd.nist.gov/vuln/detail/CVE-2017-0199>).\n\nModern browsers are complex software products, which means that new vulnerabilities are constantly being discovered and used in attacks (13%). The most common target for cybercriminals is Microsoft Internet Explorer, vulnerabilities in which are often exploited in the wild. This quarter saw the discovery of the actively exploited zero-day vulnerability [CVE-2019-1367](<https://www.helpnetsecurity.com/2019/09/24/cve-2019-1367/>), which causes memory corruption and allows remote code execution on the target system. The fact that Microsoft released an unscheduled patch for it points to how serious the situation was. Nor was Google Chrome problem-free this quarter, having received updates to fix a number of [critical vulnerabilities](<https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-095/>) (CVE-2019-13685, CVE-2019-13686, CVE-2019-13687, CVE-2019-13688), some of which allow intruders to circumvent all levels of browser protection and execute code in the system, bypassing the [sandbox](<https://encyclopedia.kaspersky.com/glossary/sandbox/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>).\n\nThe majority of vulnerabilities aimed at privilege escalation inside the system stem from individual operating system services and popular apps. Privilege escalation vulnerabilities play a special role, as they are often utilized in malicious software to obtain persistence in the target system. Of note this quarter are the vulnerabilities [CVE-2019-14743](<https://www.bleepingcomputer.com/news/security/steam-security-saga-continues-with-vulnerability-fix-bypass/>) and [CVE-2019-15315](<https://nvd.nist.gov/vuln/detail/CVE-2019-15315>), which allow compromising systems with the popular Steam client installed. A flaw in the Microsoft Windows Text Services Framework also warrants a mention. A Google researcher published a tool to demonstrate the problem ([CtfTool](<https://blog.stealthbits.com/using-ctftool-exe-to-escalate-privileges-by-leveraging-text-services-framework-and-mitigation-processes-and-steps/>)), which allows processes to be run with system privileges, as well as changes to be made to the memory of other processes and arbitrary code to be executed in them.\n\n_Distribution of exploits used in attacks by type of application attacked, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171502/malware-q3-2019-statistics-en-20.png>)\n\nNetwork attacks are still widespread. This quarter, as in previous ones, we registered numerous attempts to exploit vulnerabilities in the SMB protocol. This indicates that unprotected and not-updated systems are still at high risk of infection in attacks that deploy EternalBlue, EternalRomance, and other exploits. That said, a large share of malicious network traffic is made up of requests aimed at bruteforcing passwords in popular network services and servers, such as Remote Desktop Protocol and Microsoft SQL Server. RDP faced other problems too related to the detection of several vulnerabilities in this network protocol united under the common name [DejaBlue](<https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/>) ([CVE-2019-1181](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181>), [CVE-2019-1182](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1182>), [CVE-2019-1222](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1222>), [CVE-2019-1223](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1223>), [CVE-2019-1224](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1224>), [CVE-2019-1225](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1225>), [CVE-2019-1226](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1226>)). Unlike the previously discovered [CVE-2019-0708](<https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/>), these vulnerabilities affect not only old versions of operating systems, but new ones as well, such as Windows 10. As in the case of [CVE-2019-0708](<https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/>), some [DejaBlue](<https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/>) vulnerabilities do not require authorization in the attacked system and allow to carry out malicious activity invisible to the user. Therefore, it is vital to promptly install the latest updates for both the operating system and antivirus solutions to reduce the risk of infection.\n\n### Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Malicious websites are specially created by cybercriminals; web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries that are sources of web-based attacks: TOP 10\n\n_The following statistics show the distribution by country of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&amp;C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographical source of web-based attacks, domain names are matched against their actual domain IP addresses, and then the geographical location of a specific IP address (GEOIP) is established._\n\nIn Q3 2019, Kaspersky solutions blocked **989,432,403** attacks launched from online resources located in 203 countries across the globe. **560,025,316** unique URLs triggered Web Anti-Virus components.\n\n_Distribution of web-based attack sources by country, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171508/malware-q3-2019-statistics-en-21.png>)\n\n### Countries where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries.\n\nThis rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Tunisia | 23.26 \n2 | Algeria | 19.75 \n3 | Albania | 18.77 \n4 | R\u00e9union | 16.46 \n5 | Bangladesh | 16.46 \n6 | Venezuela | 16.21 \n7 | North Macedonia | 15.33 \n8 | France | 15.09 \n9 | Qatar | 14.97 \n10 | Martinique | 14.84 \n11 | Greece | 14.59 \n12 | Serbia | 14.36 \n13 | Syria | 13.99 \n14 | Bulgaria | 13.88 \n15 | Philippines | 13.71 \n16 | UAE | 13.64 \n17 | Djibouti | 13.47 \n18 | Morocco | 13.35 \n19 | Belarus | 13.34 \n20 | Saudi Arabia | 13.30 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country._\n\n_These statistics are based on detection verdicts returned by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data._\n\nOn average, 10.97% of Internet user computers worldwide experienced at least one **Malware-class** attack.\n\n_Geography of malicious web-based attacks, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171517/malware-q3-2019-statistics-en-22.png>)\n\n## Local threats\n\n_Statistics on local infections of user computers are an important indicator. They include objects that penetrated the target computer through infecting files or removable media, or initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\n_Data in this section is based on analyzing statistics produced by Anti-Virus scans of files on the hard drive at the moment they were created or accessed, and the results of scanning removable storage media._\n\nIn Q3 2019, our File Anti-Virus detected **230,051,054** malicious and potentially unwanted objects.\n\n#### **Countries where users faced the highest risk of local infection**\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Afghanistan | 53.45 \n2 | Tajikistan | 48.43 \n3 | Yemen | 48.39 \n4 | Uzbekistan | 48.38 \n5 | Turkmenistan | 45.95 \n6 | Myanmar | 45.27 \n7 | Ethiopia | 44.18 \n8 | Laos | 43.24 \n9 | Bangladesh | 42.96 \n10 | Mozambique | 41.58 \n11 | Syria | 41.15 \n12 | Vietnam | 41.11 \n13 | Iraq | 41.09 \n14 | Sudan | 40.18 \n15 | Kyrgyzstan | 40.06 \n16 | China | 39.94 \n17 | Rwanda | 39.49 \n18 | Venezuela | 39.18 \n19 | Malawi | 38.81 \n20 | Nepal | 38.38 \n| | \n \n_These statistics are based on detection verdicts returned by OAS and ODS Anti-Virus modules received from users of Kaspersky products who consented to provide statistical data. The data includes detections of malicious programs located on user computers or removable media connected to computers, such as flash drives, camera memory cards, phones and external hard drives._\n\n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q3 2019_[ (download)](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/28171525/malware-q3-2019-statistics-en-23.png>)\n\nOverall, 21.1% of user computers globally faced at least one **Malware-class** local threat during Q3.\n\nThe figure for Russia was 24.24%.", "modified": "2019-11-29T10:00:19", "published": "2019-11-29T10:00:19", "id": "SECURELIST:FD71ACDBBCF57BD4C7DE182D2309BF9D", "href": "https://securelist.com/it-threat-evolution-q3-2019-statistics/95269/", "type": "securelist", "title": "IT threat evolution Q3 2019. Statistics", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2019-11-25T03:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-5877", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-5873", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13709", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5881", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13708", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-78.0.3904.87\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-78.0.3904.87\"", "edition": 1, "modified": "2019-11-25T00:00:00", "published": "2019-11-25T00:00:00", "id": "GLSA-201911-06", "href": "https://security.gentoo.org/glsa/201911-06", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-01-01T02:57:52", "description": "The remote host is affected by the vulnerability described in GLSA-201911-06\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-25T00:00:00", "title": "GLSA-201911-06 : Chromium, Google Chrome: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-5877", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-5873", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13709", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5881", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13708", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:chromium"], "id": "GENTOO_GLSA-201911-06.NASL", "href": "https://www.tenable.com/plugins/nessus/131266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201911-06.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131266);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2019-13659\", \"CVE-2019-13660\", \"CVE-2019-13661\", \"CVE-2019-13662\", \"CVE-2019-13663\", \"CVE-2019-13664\", \"CVE-2019-13665\", \"CVE-2019-13666\", \"CVE-2019-13667\", \"CVE-2019-13668\", \"CVE-2019-13669\", \"CVE-2019-13670\", \"CVE-2019-13671\", \"CVE-2019-13673\", \"CVE-2019-13674\", \"CVE-2019-13675\", \"CVE-2019-13676\", \"CVE-2019-13677\", \"CVE-2019-13678\", \"CVE-2019-13679\", \"CVE-2019-13680\", \"CVE-2019-13681\", \"CVE-2019-13682\", \"CVE-2019-13683\", \"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\", \"CVE-2019-13693\", \"CVE-2019-13694\", \"CVE-2019-13695\", \"CVE-2019-13696\", \"CVE-2019-13697\", \"CVE-2019-13699\", \"CVE-2019-13700\", \"CVE-2019-13701\", \"CVE-2019-13703\", \"CVE-2019-13704\", \"CVE-2019-13705\", \"CVE-2019-13706\", \"CVE-2019-13707\", \"CVE-2019-13708\", \"CVE-2019-13709\", \"CVE-2019-13710\", \"CVE-2019-13711\", \"CVE-2019-13713\", \"CVE-2019-13714\", \"CVE-2019-13715\", \"CVE-2019-13716\", \"CVE-2019-13717\", \"CVE-2019-13718\", \"CVE-2019-13719\", \"CVE-2019-13721\", \"CVE-2019-5869\", \"CVE-2019-5870\", \"CVE-2019-5871\", \"CVE-2019-5872\", \"CVE-2019-5873\", \"CVE-2019-5874\", \"CVE-2019-5875\", \"CVE-2019-5876\", \"CVE-2019-5877\", \"CVE-2019-5878\", \"CVE-2019-5879\", \"CVE-2019-5880\", \"CVE-2019-5881\");\n script_xref(name:\"GLSA\", value:\"201911-06\");\n\n script_name(english:\"GLSA-201911-06 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201911-06\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201911-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-78.0.3904.87'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-78.0.3904.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 78.0.3904.87\"), vulnerable:make_list(\"lt 78.0.3904.87\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 78.0.3904.87\"), vulnerable:make_list(\"lt 78.0.3904.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-10-17T05:40:12", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2019-5869\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2019-5870\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2019-5871\n A buffer overflow issue was discovered in the skia\n library.\n\n - CVE-2019-5872\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2019-5874\n James Lee discovered an issue with external Uniform\n Resource Identifiers.\n\n - CVE-2019-5875\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-5876\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-5877\n Guang Gong discovered an out-of-bounds read issue.\n\n - CVE-2019-5878\n Guang Gong discovered an use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2019-5879\n Jinseo Kim discover that extensions could read files on\n the local system.\n\n - CVE-2019-5880\n Jun Kokatsu discovered a way to bypass the SameSite\n cookie feature.\n\n - CVE-2019-13659\n Lnyas Zhang discovered a URL spoofing issue.\n\n - CVE-2019-13660\n Wenxu Wu discovered a user interface error in full\n screen mode.\n\n - CVE-2019-13661\n Wenxu Wu discovered a user interface spoofing issue in\n full screen mode.\n\n - CVE-2019-13662\n David Erceg discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2019-13663\n Lnyas Zhang discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13664\n Thomas Shadwell discovered a way to bypass the SameSite\n cookie feature.\n\n - CVE-2019-13665\n Jun Kokatsu discovered a way to bypass the multiple file\n download protection feature.\n\n - CVE-2019-13666\n Tom Van Goethem discovered an information leak.\n\n - CVE-2019-13667\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-13668\n David Erceg discovered an information leak.\n\n - CVE-2019-13669\n Khalil Zhani discovered an authentication spoofing\n issue.\n\n - CVE-2019-13670\n Guang Gong discovered a memory corruption issue in the\n v8 JavaScript library.\n\n - CVE-2019-13671\n xisigr discovered a user interface error.\n\n - CVE-2019-13673\n David Erceg discovered an information leak.\n\n - CVE-2019-13674\n Khalil Zhani discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13675\n Jun Kokatsu discovered a way to disable extensions.\n\n - CVE-2019-13676\n Wenxu Wu discovered an error in a certificate warning.\n\n - CVE-2019-13677\n Jun Kokatsu discovered an error in the chrome web store.\n\n - CVE-2019-13678\n Ronni Skansing discovered a spoofing issue in the\n download dialog window.\n\n - CVE-2019-13679\n Conrad Irwin discovered that user activation was not\n required for printing.\n\n - CVE-2019-13680\n Thijs Alkamade discovered an IP address spoofing issue.\n\n - CVE-2019-13681\n David Erceg discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13682\n Jun Kokatsu discovered a way to bypass the site\n isolation feature.\n\n - CVE-2019-13683\n David Erceg discovered an information leak.\n\n - CVE-2019-13685\n Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2019-13686\n Brendon discovered a use-after-free issue.\n\n - CVE-2019-13687\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13688\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13691\n David Erceg discovered a user interface spoofing issue.\n\n - CVE-2019-13692\n Jun Kokatsu discovered a way to bypass the Same Origin\n Policy.\n\n - CVE-2019-13693\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2019-13694\n banananapenguin discovered a use-after-free issue.\n\n - CVE-2019-13695\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13696\n Guang Gong discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2019-13697\n Luan Herrera discovered an information leak.\n\n - CVE-2019-13699\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13700\n Man Yue Mo discovered a buffer overflow issue.\n\n - CVE-2019-13701\n David Erceg discovered a URL spoofing issue.\n\n - CVE-2019-13702\n Phillip Langlois and Edward Torkington discovered a\n privilege escalation issue in the installer.\n\n - CVE-2019-13703\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-13704\n Jun Kokatsu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2019-13705\n Luan Herrera discovered a way to bypass extension\n permissions.\n\n - CVE-2019-13706\n pdknsk discovered an out-of-bounds read issue in the\n pdfium library.\n\n - CVE-2019-13707\n Andrea Palazzo discovered an information leak.\n\n - CVE-2019-13708\n Khalil Zhani discovered an authentication spoofing\n issue.\n\n - CVE-2019-13709\n Zhong Zhaochen discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13710\n bernardo.mrod discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13711\n David Erceg discovered an information leak.\n\n - CVE-2019-13713\n David Erceg discovered an information leak.\n\n - CVE-2019-13714\n Jun Kokatsu discovered an issue with Cascading Style\n Sheets.\n\n - CVE-2019-13715\n xisigr discovered a URL spoofing issue.\n\n - CVE-2019-13716\n Barron Hagerman discovered an error in the service\n worker implementation.\n\n - CVE-2019-13717\n xisigr discovered a user interface spoofing issue.\n\n - CVE-2019-13718\n Khalil Zhani discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13719\n Khalil Zhani discovered a user interface spoofing issue.\n\n - CVE-2019-13720\n Anton Ivanov and Alexey Kulaev discovered a\n use-after-free issue.\n\n - CVE-2019-13721\n banananapenguin discovered a use-after-free issue in the\n pdfium library.", "edition": 15, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-11-12T00:00:00", "title": "Debian DSA-4562-1 : chromium - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-13720", "CVE-2019-5877", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13691", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13702", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13709", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-13692", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13708", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:chromium"], "id": "DEBIAN_DSA-4562.NASL", "href": "https://www.tenable.com/plugins/nessus/130774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4562. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130774);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/16\");\n\n script_cve_id(\"CVE-2019-13659\", \"CVE-2019-13660\", \"CVE-2019-13661\", \"CVE-2019-13662\", \"CVE-2019-13663\", \"CVE-2019-13664\", \"CVE-2019-13665\", \"CVE-2019-13666\", \"CVE-2019-13667\", \"CVE-2019-13668\", \"CVE-2019-13669\", \"CVE-2019-13670\", \"CVE-2019-13671\", \"CVE-2019-13673\", \"CVE-2019-13674\", \"CVE-2019-13675\", \"CVE-2019-13676\", \"CVE-2019-13677\", \"CVE-2019-13678\", \"CVE-2019-13679\", \"CVE-2019-13680\", \"CVE-2019-13681\", \"CVE-2019-13682\", \"CVE-2019-13683\", \"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\", \"CVE-2019-13691\", \"CVE-2019-13692\", \"CVE-2019-13693\", \"CVE-2019-13694\", \"CVE-2019-13695\", \"CVE-2019-13696\", \"CVE-2019-13697\", \"CVE-2019-13699\", \"CVE-2019-13700\", \"CVE-2019-13701\", \"CVE-2019-13702\", \"CVE-2019-13703\", \"CVE-2019-13704\", \"CVE-2019-13705\", \"CVE-2019-13706\", \"CVE-2019-13707\", \"CVE-2019-13708\", \"CVE-2019-13709\", \"CVE-2019-13710\", \"CVE-2019-13711\", \"CVE-2019-13713\", \"CVE-2019-13714\", \"CVE-2019-13715\", \"CVE-2019-13716\", \"CVE-2019-13717\", \"CVE-2019-13718\", \"CVE-2019-13719\", \"CVE-2019-13720\", \"CVE-2019-13721\", \"CVE-2019-5869\", \"CVE-2019-5870\", \"CVE-2019-5871\", \"CVE-2019-5872\", \"CVE-2019-5874\", \"CVE-2019-5875\", \"CVE-2019-5876\", \"CVE-2019-5877\", \"CVE-2019-5878\", \"CVE-2019-5879\", \"CVE-2019-5880\");\n script_xref(name:\"DSA\", value:\"4562\");\n\n script_name(english:\"Debian DSA-4562-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2019-5869\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2019-5870\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2019-5871\n A buffer overflow issue was discovered in the skia\n library.\n\n - CVE-2019-5872\n Zhe Jin discovered a use-after-free issue.\n\n - CVE-2019-5874\n James Lee discovered an issue with external Uniform\n Resource Identifiers.\n\n - CVE-2019-5875\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-5876\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-5877\n Guang Gong discovered an out-of-bounds read issue.\n\n - CVE-2019-5878\n Guang Gong discovered an use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2019-5879\n Jinseo Kim discover that extensions could read files on\n the local system.\n\n - CVE-2019-5880\n Jun Kokatsu discovered a way to bypass the SameSite\n cookie feature.\n\n - CVE-2019-13659\n Lnyas Zhang discovered a URL spoofing issue.\n\n - CVE-2019-13660\n Wenxu Wu discovered a user interface error in full\n screen mode.\n\n - CVE-2019-13661\n Wenxu Wu discovered a user interface spoofing issue in\n full screen mode.\n\n - CVE-2019-13662\n David Erceg discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2019-13663\n Lnyas Zhang discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13664\n Thomas Shadwell discovered a way to bypass the SameSite\n cookie feature.\n\n - CVE-2019-13665\n Jun Kokatsu discovered a way to bypass the multiple file\n download protection feature.\n\n - CVE-2019-13666\n Tom Van Goethem discovered an information leak.\n\n - CVE-2019-13667\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-13668\n David Erceg discovered an information leak.\n\n - CVE-2019-13669\n Khalil Zhani discovered an authentication spoofing\n issue.\n\n - CVE-2019-13670\n Guang Gong discovered a memory corruption issue in the\n v8 JavaScript library.\n\n - CVE-2019-13671\n xisigr discovered a user interface error.\n\n - CVE-2019-13673\n David Erceg discovered an information leak.\n\n - CVE-2019-13674\n Khalil Zhani discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13675\n Jun Kokatsu discovered a way to disable extensions.\n\n - CVE-2019-13676\n Wenxu Wu discovered an error in a certificate warning.\n\n - CVE-2019-13677\n Jun Kokatsu discovered an error in the chrome web store.\n\n - CVE-2019-13678\n Ronni Skansing discovered a spoofing issue in the\n download dialog window.\n\n - CVE-2019-13679\n Conrad Irwin discovered that user activation was not\n required for printing.\n\n - CVE-2019-13680\n Thijs Alkamade discovered an IP address spoofing issue.\n\n - CVE-2019-13681\n David Erceg discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13682\n Jun Kokatsu discovered a way to bypass the site\n isolation feature.\n\n - CVE-2019-13683\n David Erceg discovered an information leak.\n\n - CVE-2019-13685\n Khalil Zhani discovered a use-after-free issue.\n\n - CVE-2019-13686\n Brendon discovered a use-after-free issue.\n\n - CVE-2019-13687\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13688\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13691\n David Erceg discovered a user interface spoofing issue.\n\n - CVE-2019-13692\n Jun Kokatsu discovered a way to bypass the Same Origin\n Policy.\n\n - CVE-2019-13693\n Guang Gong discovered a use-after-free issue.\n\n - CVE-2019-13694\n banananapenguin discovered a use-after-free issue.\n\n - CVE-2019-13695\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13696\n Guang Gong discovered a use-after-free issue in the v8\n JavaScript library.\n\n - CVE-2019-13697\n Luan Herrera discovered an information leak.\n\n - CVE-2019-13699\n Man Yue Mo discovered a use-after-free issue.\n\n - CVE-2019-13700\n Man Yue Mo discovered a buffer overflow issue.\n\n - CVE-2019-13701\n David Erceg discovered a URL spoofing issue.\n\n - CVE-2019-13702\n Phillip Langlois and Edward Torkington discovered a\n privilege escalation issue in the installer.\n\n - CVE-2019-13703\n Khalil Zhani discovered a URL spoofing issue.\n\n - CVE-2019-13704\n Jun Kokatsu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2019-13705\n Luan Herrera discovered a way to bypass extension\n permissions.\n\n - CVE-2019-13706\n pdknsk discovered an out-of-bounds read issue in the\n pdfium library.\n\n - CVE-2019-13707\n Andrea Palazzo discovered an information leak.\n\n - CVE-2019-13708\n Khalil Zhani discovered an authentication spoofing\n issue.\n\n - CVE-2019-13709\n Zhong Zhaochen discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13710\n bernardo.mrod discovered a way to bypass download\n restrictions.\n\n - CVE-2019-13711\n David Erceg discovered an information leak.\n\n - CVE-2019-13713\n David Erceg discovered an information leak.\n\n - CVE-2019-13714\n Jun Kokatsu discovered an issue with Cascading Style\n Sheets.\n\n - CVE-2019-13715\n xisigr discovered a URL spoofing issue.\n\n - CVE-2019-13716\n Barron Hagerman discovered an error in the service\n worker implementation.\n\n - CVE-2019-13717\n xisigr discovered a user interface spoofing issue.\n\n - CVE-2019-13718\n Khalil Zhani discovered a way to spoof Internationalized\n Domain Names.\n\n - CVE-2019-13719\n Khalil Zhani discovered a user interface spoofing issue.\n\n - CVE-2019-13720\n Anton Ivanov and Alexey Kulaev discovered a\n use-after-free issue.\n\n - CVE-2019-13721\n banananapenguin discovered a use-after-free issue in the\n pdfium library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-5880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-13721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4562\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the oldstable distribution (stretch), support for chromium has\nbeen discontinued. Please upgrade to the stable release (buster) to\ncontinue receiving chromium updates or switch to firefox, which\ncontinues to be supported in the oldstable release.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 78.0.3904.97-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"78.0.3904.97-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-31T20:27:12", "description": "An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers\n(CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect\n(CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files\n(CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass\n(CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate\n(CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs\n(CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools\n(CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash\n(CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning\n(CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated\n(CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-30T00:00:00", "title": "RHEL 6 : chromium-browser (RHSA-2019:3211)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-5871", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13662", "CVE-2019-5877", "CVE-2019-13665", "CVE-2019-13691", "CVE-2019-13674", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13679", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13661", "CVE-2019-5881", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13693", "CVE-2019-13692", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13675", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688"], "modified": "2019-10-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-3211.NASL", "href": "https://www.tenable.com/plugins/nessus/130372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3211. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130372);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2019-13659\", \"CVE-2019-13660\", \"CVE-2019-13661\", \"CVE-2019-13662\", \"CVE-2019-13663\", \"CVE-2019-13664\", \"CVE-2019-13665\", \"CVE-2019-13666\", \"CVE-2019-13667\", \"CVE-2019-13668\", \"CVE-2019-13669\", \"CVE-2019-13670\", \"CVE-2019-13671\", \"CVE-2019-13673\", \"CVE-2019-13674\", \"CVE-2019-13675\", \"CVE-2019-13676\", \"CVE-2019-13677\", \"CVE-2019-13678\", \"CVE-2019-13679\", \"CVE-2019-13680\", \"CVE-2019-13681\", \"CVE-2019-13682\", \"CVE-2019-13683\", \"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\", \"CVE-2019-13691\", \"CVE-2019-13692\", \"CVE-2019-13693\", \"CVE-2019-13694\", \"CVE-2019-13695\", \"CVE-2019-13696\", \"CVE-2019-13697\", \"CVE-2019-5870\", \"CVE-2019-5871\", \"CVE-2019-5872\", \"CVE-2019-5874\", \"CVE-2019-5875\", \"CVE-2019-5876\", \"CVE-2019-5877\", \"CVE-2019-5878\", \"CVE-2019-5879\", \"CVE-2019-5880\", \"CVE-2019-5881\");\n script_xref(name:\"RHSA\", value:\"2019:3211\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2019:3211)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es) :\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers\n(CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect\n(CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files\n(CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass\n(CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate\n(CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs\n(CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools\n(CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash\n(CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning\n(CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated\n(CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:3211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-13697\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3211\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-77.0.3865.120-2.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-77.0.3865.120-2.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-77.0.3865.120-2.el6_10\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-77.0.3865.120-2.el6_10\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-24T09:14:14", "description": "This update for chromium to version 77.0.3865.90 fixes the following\nissues :\n\n - CVE-2019-13685: Fixed a use-after-free in UI.\n (boo#1151229)\n\n - CVE-2019-13688: Fixed a use-after-free in media.\n (boo#1151229)\n\n - CVE-2019-13687: Fixed a use-after-free in media.\n (boo#1151229)\n\n - CVE-2019-13686: Fixed a use-after-free in offline pages.\n (boo#1151229)", "edition": 12, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-26T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2019-2186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-13687", "CVE-2019-13686", "CVE-2019-13685", "CVE-2019-13688"], "modified": "2019-09-26T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2019-2186.NASL", "href": "https://www.tenable.com/plugins/nessus/129378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2186.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2019-13685\", \"CVE-2019-13686\", \"CVE-2019-13687\", \"CVE-2019-13688\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2019-2186)\");\n script_summary(english:\"Check for the openSUSE-2019-2186 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium to version 77.0.3865.90 fixes the following\nissues :\n\n - CVE-2019-13685: Fixed a use-after-free in UI.\n (boo#1151229)\n\n - CVE-2019-13688: Fixed a use-after-free in media.\n (boo#1151229)\n\n - CVE-2019-13687: Fixed a use-after-free in media.\n (boo#1151229)\n\n - CVE-2019-13686: Fixed a use-after-free in offline pages.\n (boo#1151229)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151229\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-77.0.3865.90-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-77.0.3865.90-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-77.0.3865.90-lp151.2.33.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-77.0.3865.90-lp151.2.33.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debugsource-77.0.3865.90-lp151.2.33.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-01-11T01:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-13720", "CVE-2019-5877", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13691", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13702", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-13660", "CVE-2019-5878", "CVE-2019-13709", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-13692", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-13697", "CVE-2019-13708", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-13667", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-4562-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nNovember 10, 2019 https://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872\n CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877\n CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659\n CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663\n CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667\n CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671\n CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676\n CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680\n CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685\n CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691\n CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695\n CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700\n CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704\n CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708\n CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713\n CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717\n CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2019-5869\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2019-5870\n\n Guang Gong discovered a use-after-free issue.\n\nCVE-2019-5871\n\n A buffer overflow issue was discovered in the skia library.\n\nCVE-2019-5872\n\n Zhe Jin discovered a use-after-free issue.\n\nCVE-2019-5874\n\n James Lee discovered an issue with external Uniform Resource Identifiers.\n\nCVE-2019-5875\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2019-5876\n\n Man Yue Mo discovered a use-after-free issue.\n\nCVE-2019-5877\n\n Guang Gong discovered an out-of-bounds read issue.\n\nCVE-2019-5878\n\n Guang Gong discovered an use-after-free issue in the v8 javascript\n library.\n\nCVE-2019-5879\n\n Jinseo Kim discover that extensions could read files on the local\n system.\n\nCVE-2019-5880\n\n Jun Kokatsu discovered a way to bypass the SameSite cookie feature.\n\nCVE-2019-13659\n\n Lnyas Zhang discovered a URL spoofing issue.\n\nCVE-2019-13660\n\n Wenxu Wu discovered a user interface error in full screen mode.\n\nCVE-2019-13661\n\n Wenxu Wu discovered a user interface spoofing issue in full screen mode.\n\nCVE-2019-13662\n\n David Erceg discovered a way to bypass the Content Security Policy.\n\nCVE-2019-13663\n\n Lnyas Zhang discovered a way to spoof Internationalized Domain Names.\n\nCVE-2019-13664\n\n Thomas Shadwell discovered a way to bypass the SameSite cookie feature.\n\nCVE-2019-13665\n\n Jun Kokatsu discovered a way to bypass the multiple file download\n protection feature.\n\nCVE-2019-13666\n\n Tom Van Goethem discovered an information leak.\n\nCVE-2019-13667\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2019-13668\n\n David Erceg discovered an information leak.\n\nCVE-2019-13669\n\n Khalil Zhani discovered an authentication spoofing issue.\n\nCVE-2019-13670\n\n Guang Gong discovered a memory corruption issue in the v8 javascript\n library.\n\nCVE-2019-13671\n\n xisigr discovered a user interface error.\n\nCVE-2019-13673\n\n David Erceg discovered an information leak.\n\nCVE-2019-13674\n\n Khalil Zhani discovered a way to spoof Internationalized Domain Names.\n\nCVE-2019-13675\n\n Jun Kokatsu discovered a way to disable extensions.\n\nCVE-2019-13676\n\n Wenxu Wu discovered an error in a certificate warning.\n\nCVE-2019-13677\n\n Jun Kokatsu discovered an error in the chrome web store.\n\nCVE-2019-13678\n\n Ronni Skansing discovered a spoofing issue in the download dialog window.\n\nCVE-2019-13679\n\n Conrad Irwin discovered that user activation was not required for\n printing.\n\nCVE-2019-13680\n\n Thijs Alkamade discovered an IP address spoofing issue.\n\nCVE-2019-13681\n\n David Erceg discovered a way to bypass download restrictions.\n\nCVE-2019-13682\n\n Jun Kokatsu discovered a way to bypass the site isolation feature.\n\nCVE-2019-13683\n\n David Erceg discovered an information leak.\n\nCVE-2019-13685\n\n Khalil Zhani discovered a use-after-free issue.\n\nCVE-2019-13686\n\n Brendon discovered a use-after-free issue.\n\nCVE-2019-13687\n\n Man Yue Mo discovered a use-after-free issue.\n\nCVE-2019-13688\n\n Man Yue Mo discovered a use-after-free issue.\n\nCVE-2019-13691\n\n David Erceg discovered a user interface spoofing issue.\n\nCVE-2019-13692\n\n Jun Kokatsu discovered a way to bypass the Same Origin Policy.\n\nCVE-2019-13693\n\n Guang Gong discovered a use-after-free issue.\n\nCVE-2019-13694\n\n banananapenguin discovered a use-after-free issue.\n\nCVE-2019-13695\n\n Man Yue Mo discovered a use-after-free issue.\n\nCVE-2019-13696\n\n Guang Gong discovered a use-after-free issue in the v8 javascript library.\n\nCVE-2019-13697\n\n Luan Herrera discovered an information leak.\n\nCVE-2019-13699\n\n Man Yue Mo discovered a use-after-free issue.\n\nCVE-2019-13700\n\n Man Yue Mo discovered a buffer overflow issue.\n\nCVE-2019-13701\n\n David Erceg discovered a URL spoofing issue.\n\nCVE-2019-13702\n\n Phillip Langlois and Edward Torkington discovered a privilege escalation\n issue in the installer.\n\nCVE-2019-13703\n\n Khalil Zhani discovered a URL spoofing issue.\n\nCVE-2019-13704\n\n Jun Kokatsu discovered a way to bypass the Content Security Policy.\n\nCVE-2019-13705\n\n Luan Herrera discovered a way to bypass extension permissions.\n\nCVE-2019-13706\n\n pdknsk discovered an out-of-bounds read issue in the pdfium library.\n\nCVE-2019-13707\n\n Andrea Palazzo discovered an information leak.\n\nCVE-2019-13708\n\n Khalil Zhani discovered an authentication spoofing issue.\n\nCVE-2019-13709\n\n Zhong Zhaochen discovered a way to bypass download restrictions.\n\nCVE-2019-13710\n\n bernardo.mrod discovered a way to bypass download restrictions.\n\nCVE-2019-13711\n\n David Erceg discovered an information leak.\n\nCVE-2019-13713\n\n David Erceg discovered an information leak.\n\nCVE-2019-13714\n\n Jun Kokatsu discovered an issue with Cascading Style Sheets.\n\nCVE-2019-13715\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2019-13716\n\n Barron Hagerman discovered an error in the service worker implementation.\n\nCVE-2019-13717\n\n xisigr discovered a user interface spoofing issue.\n\nCVE-2019-13718\n\n Khalil Zhani discovered a way to spoof Internationalized Domain Names.\n\nCVE-2019-13719\n\n Khalil Zhani discovered a user interface spoofing issue.\n\nCVE-2019-13720\n\n Anton Ivanov and Alexey Kulaev discovered a use-after-free issue.\n\nCVE-2019-13721\n\n banananapenguin discovered a use-after-free issue in the pdfium library.\n\nFor the oldstable distribution (stretch), support for chromium has been\ndiscontinued. Please upgrade to the stable release (buster) to continue\nreceiving chromium updates or switch to firefox, which continues to be\nsupported in the oldstable release.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 78.0.3904.97-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2019-11-10T19:17:01", "published": "2019-11-10T19:17:01", "id": "DEBIAN:DSA-4562-1:58850", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00214.html", "title": "[SECURITY] [DSA 4562-1] chromium security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-11-07T04:02:01", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13704", "CVE-2019-5871", "CVE-2019-13714", "CVE-2019-13659", "CVE-2019-13666", "CVE-2019-13687", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-5850", "CVE-2019-5869", "CVE-2019-13686", "CVE-2019-5880", "CVE-2019-5853", "CVE-2019-13680", "CVE-2019-13664", "CVE-2019-13699", "CVE-2019-13662", "CVE-2019-13720", "CVE-2019-5877", "CVE-2019-5868", "CVE-2019-13719", "CVE-2019-13665", "CVE-2019-13674", "CVE-2019-13706", "CVE-2019-5875", "CVE-2019-5857", "CVE-2019-13678", "CVE-2019-13694", "CVE-2019-13718", "CVE-2019-13701", "CVE-2019-13679", "CVE-2019-13702", "CVE-2019-13673", "CVE-2019-13670", "CVE-2019-13713", "CVE-2019-5861", "CVE-2019-13700", "CVE-2019-5876", "CVE-2019-13671", "CVE-2019-13682", "CVE-2019-13707", "CVE-2019-13669", "CVE-2019-13681", "CVE-2019-13685", "CVE-2019-13695", "CVE-2019-5870", "CVE-2019-13717", "CVE-2019-13660", "CVE-2019-5863", "CVE-2019-5878", "CVE-2019-5854", "CVE-2019-13709", "CVE-2019-5851", "CVE-2019-13661", "CVE-2019-13721", "CVE-2019-5881", "CVE-2019-5879", "CVE-2019-13696", "CVE-2019-13703", "CVE-2019-13693", "CVE-2019-5852", "CVE-2019-13668", "CVE-2019-13663", "CVE-2019-5862", "CVE-2019-13715", "CVE-2019-13683", "CVE-2019-5872", "CVE-2019-5865", "CVE-2019-13697", "CVE-2019-15903", "CVE-2019-5867", "CVE-2019-5864", "CVE-2019-5859", "CVE-2019-13708", "CVE-2019-5860", "CVE-2019-5858", "CVE-2019-13705", "CVE-2019-13675", "CVE-2019-13710", "CVE-2019-5874", "CVE-2019-5856", "CVE-2019-13667", "CVE-2019-5855", "CVE-2019-13688", "CVE-2019-13711", "CVE-2019-13716"], "description": "This update for chromium fixes the following issues:\n\n Chromium was updated to 78.0.3904.87:\n (boo#1155643,boo#1154806,boo#1153660,\n boo#1151229,boo#1149143,boo#1145242,boo#1143492)\n\n Security issues fixed with this version update:\n\n * CVE-2019-13721: Use-after-free in PDFium\n * CVE-2019-13720: Use-after-free in audio\n * CVE-2019-13699: Use-after-free in media\n * CVE-2019-13700: Buffer overrun in Blink\n * CVE-2019-13701: URL spoof in navigation\n * CVE-2019-13702: Privilege elevation in Installer\n * CVE-2019-13703: URL bar spoofing\n * CVE-2019-13704: CSP bypass\n * CVE-2019-13705: Extension permission bypass\n * CVE-2019-13706: Out-of-bounds read in PDFium\n * CVE-2019-13707: File storage disclosure\n * CVE-2019-13708: HTTP authentication spoof\n * CVE-2019-13709: File download protection bypass\n * CVE-2019-13710: File download protection bypass\n * CVE-2019-13711: Cross-context information leak\n * CVE-2019-15903: Buffer overflow in expat\n * CVE-2019-13713: Cross-origin data leak\n * CVE-2019-13714: CSS injection\n * CVE-2019-13715: Address bar spoofing\n * CVE-2019-13716: Service worker state error\n * CVE-2019-13717: Notification obscured\n * CVE-2019-13718: IDN spoof\n * CVE-2019-13719: Notification obscured\n * CVE-2019-13693: Use-after-free in IndexedDB\n * CVE-2019-13694: Use-after-free in WebRTC\n * CVE-2019-13695: Use-after-free in audio\n * CVE-2019-13696: Use-after-free in V8\n * CVE-2019-13697: Cross-origin size leak.\n * CVE-2019-13685: Use-after-free in UI\n * CVE-2019-13688: Use-after-free in media\n * CVE-2019-13687: Use-after-free in media\n * CVE-2019-13686: Use-after-free in offline pages\n * CVE-2019-5870: Use-after-free in media\n * CVE-2019-5871: Heap overflow in Skia\n * CVE-2019-5872: Use-after-free in Mojo\n * CVE-2019-5874: External URIs may trigger other browsers\n * CVE-2019-5875: URL bar spoof via download redirect\n * CVE-2019-5876: Use-after-free in media\n * CVE-2019-5877: Out-of-bounds access in V8\n * CVE-2019-5878: Use-after-free in V8\n * CVE-2019-5879: Extension can bypass same origin policy\n * CVE-2019-5880: SameSite cookie bypass\n * CVE-2019-5881: Arbitrary read in SwiftShader\n * CVE-2019-13659: URL spoof\n * CVE-2019-13660: Full screen notification overlap\n * CVE-2019-13661: Full screen notification spoof\n * CVE-2019-13662: CSP bypass\n * CVE-2019-13663: IDN spoof\n * CVE-2019-13664: CSRF bypass\n * CVE-2019-13665: Multiple file download protection bypass\n * CVE-2019-13666: Side channel using storage size estimate\n * CVE-2019-13667: URI bar spoof when using external app URIs\n * CVE-2019-13668: Global window leak via console\n * CVE-2019-13669: HTTP authentication spoof\n * CVE-2019-13670: V8 memory corruption in regex\n * CVE-2019-13671: Dialog box fails to show origin\n * CVE-2019-13673: Cross-origin information leak using devtools\n * CVE-2019-13674: IDN spoofing\n * CVE-2019-13675: Extensions can be disabled by trailing slash\n * CVE-2019-13676: Google URI shown for certificate warning\n * CVE-2019-13677: Chrome web store origin needs to be isolated\n * CVE-2019-13678: Download dialog spoofing\n * CVE-2019-13679: User gesture needed for printing\n * CVE-2019-13680: IP address spoofing to servers\n * CVE-2019-13681: Bypass on download restrictions\n * CVE-2019-13682: Site isolation bypass\n * CVE-2019-13683: Exceptions leaked by devtools\n * CVE-2019-5869: Use-after-free in Blink\n * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction\n * CVE-2019-5867: Out-of-bounds read in V8\n * CVE-2019-5850: Use-after-free in offline page fetcher\n * CVE-2019-5860: Use-after-free in PDFium\n * CVE-2019-5853: Memory corruption in regexp length check\n * CVE-2019-5851: Use-after-poison in offline audio context\n * CVE-2019-5859: res: URIs can load alternative browsers\n * CVE-2019-5856: Insufficient checks on filesystem: URI permissions\n * CVE-2019-5855: Integer overflow in PDFium\n * CVE-2019-5865: Site isolation bypass from compromised renderer\n * CVE-2019-5858: Insufficient filtering of Open URL service parameters\n * CVE-2019-5864: Insufficient port filtering in CORS for extensions\n * CVE-2019-5862: AppCache not robust to compromised renderers\n * CVE-2019-5861: Click location incorrectly checked\n * CVE-2019-5857: Comparison of -0 and null yields crash\n * CVE-2019-5854: Integer overflow in PDFium text rendering\n * CVE-2019-5852: Object leak of utility functions\n\n", "edition": 1, "modified": "2019-11-07T00:11:42", "published": "2019-11-07T00:11:42", "id": "OPENSUSE-SU-2019:2447-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-01T16:27:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13687", "CVE-2019-13686", "CVE-2019-13685", "CVE-2019-13688"], "description": "This update for chromium to version 77.0.3865.90 fixes the following\n issues:\n\n - CVE-2019-13685: Fixed a use-after-free in UI. (boo#1151229)\n - CVE-2019-13688: Fixed a use-after-free in media. (boo#1151229)\n - CVE-2019-13687: Fixed a use-after-free in media. (boo#1151229)\n - CVE-2019-13686: Fixed a use-after-free in offline pages. (boo#1151229)\n\n This update was imported from the openSUSE:Leap:15.0:Update update project.\n\n", "edition": 1, "modified": "2019-10-01T15:11:54", "published": "2019-10-01T15:11:54", "id": "OPENSUSE-SU-2019:2228-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00001.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-01T16:27:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13687", "CVE-2019-13686", "CVE-2019-13685", "CVE-2019-13688"], "description": "This update for chromium to version 77.0.3865.90 fixes the following\n issues:\n\n - CVE-2019-13685: Fixed a use-after-free in UI. (boo#1151229)\n - CVE-2019-13688: Fixed a use-after-free in media. (boo#1151229)\n - CVE-2019-13687: Fixed a use-after-free in media. (boo#1151229)\n - CVE-2019-13686: Fixed a use-after-free in offline pages. (boo#1151229)\n\n This update was imported from the openSUSE:Leap:15.1:Update update project.\n\n", "edition": 1, "modified": "2019-10-01T15:10:49", "published": "2019-10-01T15:10:49", "id": "OPENSUSE-SU-2019:2229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00000.html", "title": "Security update for chromium (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2019-12-11T13:32:06", "bulletinFamily": "unix", "cvelist": ["CVE-2019-13659", "CVE-2019-13660", "CVE-2019-13661", "CVE-2019-13662", "CVE-2019-13663", "CVE-2019-13664", "CVE-2019-13665", "CVE-2019-13666", "CVE-2019-13667", "CVE-2019-13668", "CVE-2019-13669", "CVE-2019-13670", "CVE-2019-13671", "CVE-2019-13673", "CVE-2019-13674", "CVE-2019-13675", "CVE-2019-13676", "CVE-2019-13677", "CVE-2019-13678", "CVE-2019-13679", "CVE-2019-13680", "CVE-2019-13681", "CVE-2019-13682", "CVE-2019-13683", "CVE-2019-13685", "CVE-2019-13686", "CVE-2019-13687", "CVE-2019-13688", "CVE-2019-13691", "CVE-2019-13692", "CVE-2019-13693", "CVE-2019-13694", "CVE-2019-13695", "CVE-2019-13696", "CVE-2019-13697", "CVE-2019-5870", "CVE-2019-5871", "CVE-2019-5872", "CVE-2019-5874", "CVE-2019-5875", "CVE-2019-5876", "CVE-2019-5877", "CVE-2019-5878", "CVE-2019-5879", "CVE-2019-5880", "CVE-2019-5881"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 77.0.3865.120.\n\nSecurity Fix(es):\n\n* chromium-browser: Use-after-free in media (CVE-2019-5870)\n\n* chromium-browser: Heap overflow in Skia (CVE-2019-5871)\n\n* chromium-browser: Use-after-free in Mojo (CVE-2019-5872)\n\n* chromium-browser: External URIs may trigger other browsers (CVE-2019-5874)\n\n* chromium-browser: URL bar spoof via download redirect (CVE-2019-5875)\n\n* chromium-browser: Use-after-free in media (CVE-2019-5876)\n\n* chromium-browser: Out-of-bounds access in V8 (CVE-2019-5877)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-5878)\n\n* chromium-browser: Use-after-free in offline pages (CVE-2019-13686)\n\n* chromium-browser: Use-after-free in media (CVE-2019-13688)\n\n* chromium-browser: Omnibox spoof (CVE-2019-13691)\n\n* chromium-browser: SOP bypass (CVE-2019-13692)\n\n* chromium-browser: Use-after-free in IndexedDB (CVE-2019-13693)\n\n* chromium-browser: Use-after-free in WebRTC (CVE-2019-13694)\n\n* chromium-browser: Use-after-free in audio (CVE-2019-13695)\n\n* chromium-browser: Use-after-free in V8 (CVE-2019-13696)\n\n* chromium-browser: Cross-origin size leak (CVE-2019-13697)\n\n* chromium-browser: Extensions can read some local files (CVE-2019-5879)\n\n* chromium-browser: SameSite cookie bypass (CVE-2019-5880)\n\n* chromium-browser: Arbitrary read in SwiftShader (CVE-2019-5881)\n\n* chromium-browser: URL spoof (CVE-2019-13659)\n\n* chromium-browser: Full screen notification overlap (CVE-2019-13660)\n\n* chromium-browser: Full screen notification spoof (CVE-2019-13661)\n\n* chromium-browser: CSP bypass (CVE-2019-13662)\n\n* chromium-browser: IDN spoof (CVE-2019-13663)\n\n* chromium-browser: CSRF bypass (CVE-2019-13664)\n\n* chromium-browser: Multiple file download protection bypass (CVE-2019-13665)\n\n* chromium-browser: Side channel using storage size estimate (CVE-2019-13666)\n\n* chromium-browser: URI bar spoof when using external app URIs (CVE-2019-13667)\n\n* chromium-browser: Global window leak via console (CVE-2019-13668)\n\n* chromium-browser: HTTP authentication spoof (CVE-2019-13669)\n\n* chromium-browser: V8 memory corruption in regex (CVE-2019-13670)\n\n* chromium-browser: Dialog box fails to show origin (CVE-2019-13671)\n\n* chromium-browser: Cross-origin information leak using devtools (CVE-2019-13673)\n\n* chromium-browser: IDN spoofing (CVE-2019-13674)\n\n* chromium-browser: Extensions can be disabled by trailing slash (CVE-2019-13675)\n\n* chromium-browser: Google URI shown for certificate warning (CVE-2019-13676)\n\n* chromium-browser: Chrome web store origin needs to be isolated (CVE-2019-13677)\n\n* chromium-browser: Download dialog spoofing (CVE-2019-13678)\n\n* chromium-browser: User gesture needed for printing (CVE-2019-13679)\n\n* chromium-browser: IP address spoofing to servers (CVE-2019-13680)\n\n* chromium-browser: Bypass on download restrictions (CVE-2019-13681)\n\n* chromium-browser: Site isolation bypass (CVE-2019-13682)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-10-31T02:20:13", "published": "2019-10-29T13:12:54", "id": "RHSA-2019:3211", "href": "https://access.redhat.com/errata/RHSA-2019:3211", "type": "redhat", "title": "(RHSA-2019:3211) Critical: chromium-browser security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:50:15", "bulletinFamily": "info", "cvelist": ["CVE-2019-13687", "CVE-2019-13686", "CVE-2019-13685", "CVE-2019-13688"], "description": "### *Detect date*:\n09/26/2019\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service.\n\n### *Affected products*:\nOpera earlier than 64.0.3417.32\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 64](<https://blogs.opera.com/desktop/changelog-for-64/#b3417.32>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2019-13685](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685>)0.0Unknown \n[CVE-2019-13687](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687>)0.0Unknown \n[CVE-2019-13688](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688>)0.0Unknown \n[CVE-2019-13686](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686>)0.0Unknown", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-09-26T00:00:00", "id": "KLA11742", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11742", "title": "\r KLA11742Multiple vulnerabilities in Opera ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}