Search...

APPLE-SA-2014-03-10-1 iOS 7.1

2014-03-13T00:00:00

ID SECURITYVULNS:DOC:30357
Type securityvulns
Reporter Securityvulns
Modified 2014-03-13T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-03-10-1 iOS 7.1

iOS 7.1 is now available and addresses the following:

Backup Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process. CVE-ID CVE-2013-5133 : evad3rs

Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots.

Configuration Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Profile expiration dates were not honored Description: Expiration dates of mobile configuration profiles were not evaluated correctly. The issue was resolved through improved handling of configuration profiles. CVE-ID CVE-2014-1267

CoreCapture Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application can cause an unexpected system termination Description: A reachable assertion issue existed in CoreCapture's handling of IOKit API calls. The issue was addressed through additional validation of input from IOKit. CVE-ID CVE-2014-1271 : Filippo Bigarella

Crash Reporting Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to change permissions on arbitrary files Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files. CVE-ID CVE-2014-1272 : evad3rs

dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Code signing requirements may be bypassed Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions. CVE-ID CVE-2014-1273 : evad3rs

FaceTime Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to access FaceTime contacts from the lock screen Description: FaceTime contacts on a locked device could be exposed by making a failed FaceTime call from the lock screen. This issue was addressed through improved handling of FaceTime calls. CVE-ID CVE-2014-1274

ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 images in PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1275 : Felix Groebert of the Google Security Team

ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images. CVE-ID CVE-2012-2088

ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed through additional validation of JPEG files. CVE-ID CVE-2013-6629 : Michal Zalewski

IOKit HID Event Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may monitor on user actions in other apps Description: An interface in IOKit framework allowed malicious apps to monitor on user actions in other apps. This issue was addressed through improved access control policies in the framework. CVE-ID CVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye

iTunes Store Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download Description: An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects. CVE-ID CVE-2014-1277 : Stefan Esser

Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1278 : evad3rs

Office Viewer Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in the handling of Microsoft Word documents. This issue was addressed through improved memory management. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team

Photos Backend Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Deleted images may still appear in the Photos app underneath transparent images Description: Deleting an image from the asset library did not delete cached versions of the image. This issue was addressed through improved cache management. CVE-ID CVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington

Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A configuration profile may be hidden from the user Description: A configuration profile with a long name could be loaded onto the device but was not displayed in the profile UI. The issue was addressed through improved handling of profile names. CVE-ID CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure

Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: User credentials may be disclosed to an unexpected site via autofill Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-5227 : Niklas Malmgren of Klarna AB

Settings - Accounts Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1284

Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device has not been activated Description: An unexpected application termination during activation could cause the phone to show the home screen. The issue was addressed through improved error handling during activation. CVE-ID CVE-2014-1285 : Roboboi99

SpringBoard Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause the lock screen to become unresponsive Description: A state management issue existed in the lock screen. This issue was addressed through improved state management. CVE-ID CVE-2014-1286 : Bogdan Alecu of M-sec.net

TelephonyUI Framework Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A webpage could trigger a FaceTime audio call without user interaction Description: Safari did not consult the user before launching facetime-audio:// URLs. This issue was addressed with the addition of a confirmation prompt. CVE-ID CVE-2013-6835 : Guillaume Ross

USB Host Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to cause arbitrary code execution in kernel mode Description: A memory corruption issue existed in the handling of USB messages. This issue was addressed through additional validation of USB messages. CVE-ID CVE-2014-1287 : Andy Davis of NCC Group

Video Driver Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a maliciously crafted video could lead to the device becoming unresponsive Description: A null dereference issue existed in the handling of MPEG-4 encoded files. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1280 : rg0rd

WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2909 : Atte Kettunen of OUSPG CVE-2013-2926 : cloudfuzzer CVE-2013-2928 : Google Chrome Security Team CVE-2013-5196 : Google Chrome Security Team CVE-2013-5197 : Google Chrome Security Team CVE-2013-5198 : Apple CVE-2013-5199 : Apple CVE-2013-5225 : Google Chrome Security Team CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day Initiative CVE-2013-6625 : cloudfuzzer CVE-2013-6635 : cloudfuzzer CVE-2014-1269 : Apple CVE-2014-1270 : Apple CVE-2014-1289 : Apple CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team CVE-2014-1291 : Google Chrome Security Team CVE-2014-1292 : Google Chrome Security Team CVE-2014-1293 : Google Chrome Security Team CVE-2014-1294 : Google Chrome Security Team

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings

Select General

Select About. The version after applying this update will be "7.1".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTGlvJAAoJEPefwLHPlZEwh2cP/iOvfDbgv78TKX2hsxttcy8l NTK4EbpYO0rEpqbQukIHwBrb+PtEWK4tdxWPNQV+8GnCPaLqmMXWxHZPkI02qXjI UxYNgPq+9MPcoFFdbbptz4azcwFa0rdsQtxL0MYRrUqW5ml86zjGsVWUDGMDFu9R fuujvU/JOGoIYVxFQziEScnMfryw61b/JObcT/mDzXv/IcKhuMzMfp4cbnXq7Mmx NOpIQ0syx5oH7jadJA72iX7UyUuoydAcD3gaJDbLLfjEM8giDTL/TmH1HpuJjDHq Zmj0NMlMqAztoFzpHZxlJ6kYjFYs7heyWgm3HQ+dwT0cDajFEZUEJGuBBO+P6dwp cVlhDJ87crsP2ctUn46EUGFw5fFZRPEUqm4r0M/3o8z2ZPDqFxIBwMHEEV2LJtuN lKjHYYWTO9BZOg87pm/HLpNqqTEz7J1eDWVJiRh5kZarp8w5KgZhBhYkltlPKwOo Uh1SvUH+CjgNQTObSLv+e2EJ0So8gi3xBGHOrOdcof33fTsyL4WDvHEIvs4l1jUY f29uha46K3dVZpJtFV3xTiwm6fodWgTR4xhWSAAVI2V8V4KLQMEHu7+eV+cURmme JLdVgzxXw0uZHP874Uy60qR+6KBdEkIvgAoDHmd9jLnZMJTQAcn7PjcZz2z/V25u 3bQ2RrEc85Xqs7adpinL =W1ik -----END PGP SIGNATURE-----

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:30357", "bulletinFamily": "software", "title": "APPLE-SA-2014-03-10-1 iOS 7.1", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-03-10-1 iOS 7.1\r\n\r\niOS 7.1 is now available and addresses the following:\r\n\r\nBackup\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted backup can alter the filesystem\r\nDescription: A symbolic link in a backup would be restored, allowing\r\nsubsequent operations during the restore to write to the rest of the\r\nfilesystem. This issue was addressed by checking for symbolic links\r\nduring the restore process.\r\nCVE-ID\r\nCVE-2013-5133 : evad3rs\r\n\r\nCertificate Trust Policy\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Root certificates have been updated\r\nDescription: Several certificates were added to or removed from the\r\nlist of system roots.\r\n\r\nConfiguration Profiles\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Profile expiration dates were not honored\r\nDescription: Expiration dates of mobile configuration profiles were\r\nnot evaluated correctly. The issue was resolved through improved\r\nhandling of configuration profiles.\r\nCVE-ID\r\nCVE-2014-1267\r\n\r\nCoreCapture\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application can cause an unexpected system\r\ntermination\r\nDescription: A reachable assertion issue existed in CoreCapture's\r\nhandling of IOKit API calls. The issue was addressed through\r\nadditional validation of input from IOKit.\r\nCVE-ID\r\nCVE-2014-1271 : Filippo Bigarella\r\n\r\nCrash Reporting\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to change permissions on arbitrary\r\nfiles\r\nDescription: CrashHouseKeeping followed symbolic links while\r\nchanging permissions on files. This issue was addressed by not\r\nfollowing symbolic links when changing permissions on files.\r\nCVE-ID\r\nCVE-2014-1272 : evad3rs\r\n\r\ndyld\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Code signing requirements may be bypassed\r\nDescription: Text relocation instructions in dynamic libraries may\r\nbe loaded by dyld without code signature validation. This issue was\r\naddressed by ignoring text relocation instructions.\r\nCVE-ID\r\nCVE-2014-1273 : evad3rs\r\n\r\nFaceTime\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\naccess FaceTime contacts from the lock screen\r\nDescription: FaceTime contacts on a locked device could be exposed\r\nby making a failed FaceTime call from the lock screen. This issue was\r\naddressed through improved handling of FaceTime calls.\r\nCVE-ID\r\nCVE-2014-1274\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nimages in PDF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1275 : Felix Groebert of the Google Security Team\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of TIFF\r\nimages. This issue was addressed through additional validation of\r\nTIFF images.\r\nCVE-ID\r\nCVE-2012-2088\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted JPEG file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nlibjpeg's handling of JPEG markers, resulting in the disclosure of\r\nmemory contents. This issue was addressed through additional\r\nvalidation of JPEG files.\r\nCVE-ID\r\nCVE-2013-6629 : Michal Zalewski\r\n\r\nIOKit HID Event\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may monitor on user actions in other\r\napps\r\nDescription: An interface in IOKit framework allowed malicious apps\r\nto monitor on user actions in other apps. This issue was addressed\r\nthrough improved access control policies in the framework.\r\nCVE-ID\r\nCVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye\r\n\r\niTunes Store\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A man-in-the-middle attacker may entice a user into\r\ndownloading a malicious app via Enterprise App Download\r\nDescription: An attacker with a privileged network position could\r\nspoof network communications to entice a user into downloading a\r\nmalicious app. This issue was mitigated by using SSL and prompting\r\nthe user during URL redirects.\r\nCVE-ID\r\nCVE-2014-1277 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: An out of bounds memory access issue existed in the ARM\r\nptmx_get_ioctl function. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1278 : evad3rs\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted Microsoft Word document may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A double free issue existed in the handling of\r\nMicrosoft Word documents. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2014-1252 : Felix Groebert of the Google Security Team\r\n\r\nPhotos Backend\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Deleted images may still appear in the Photos app underneath\r\ntransparent images\r\nDescription: Deleting an image from the asset library did not delete\r\ncached versions of the image. This issue was addressed through\r\nimproved cache management.\r\nCVE-ID\r\nCVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams,\r\nTom Pennington\r\n\r\nProfiles\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A configuration profile may be hidden from the user\r\nDescription: A configuration profile with a long name could be\r\nloaded onto the device but was not displayed in the profile UI. The\r\nissue was addressed through improved handling of profile names.\r\nCVE-ID\r\nCVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: User credentials may be disclosed to an unexpected site via\r\nautofill\r\nDescription: Safari may have autofilled user names and passwords\r\ninto a subframe from a different domain than the main frame. This\r\nissue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5227 : Niklas Malmgren of Klarna AB\r\n\r\nSettings - Accounts\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\ndisable Find My iPhone without entering an iCloud password\r\nDescription: A state management issue existed in the handling of the\r\nFind My iPhone state. This issue was addressed through improved\r\nhandling of Find My iPhone state.\r\nCVE-ID\r\nCVE-2014-1284\r\n\r\nSpringboard\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nsee the home screen of the device even if the device has not been\r\nactivated\r\nDescription: An unexpected application termination during activation\r\ncould cause the phone to show the home screen. The issue was\r\naddressed through improved error handling during activation.\r\nCVE-ID\r\nCVE-2014-1285 : Roboboi99\r\n\r\nSpringBoard Lock Screen\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker may be able to cause the lock screen to\r\nbecome unresponsive\r\nDescription: A state management issue existed in the lock screen.\r\nThis issue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2014-1286 : Bogdan Alecu of M-sec.net\r\n\r\nTelephonyUI Framework\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A webpage could trigger a FaceTime audio call without user\r\ninteraction\r\nDescription: Safari did not consult the user before launching\r\nfacetime-audio:// URLs. This issue was addressed with the addition of\r\na confirmation prompt.\r\nCVE-ID\r\nCVE-2013-6835 : Guillaume Ross\r\n\r\nUSB Host\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\ncause arbitrary code execution in kernel mode\r\nDescription: A memory corruption issue existed in the handling of\r\nUSB messages. This issue was addressed through additional validation\r\nof USB messages.\r\nCVE-ID\r\nCVE-2014-1287 : Andy Davis of NCC Group\r\n\r\nVideo Driver\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Playing a maliciously crafted video could lead to the device\r\nbecoming unresponsive\r\nDescription: A null dereference issue existed in the handling of\r\nMPEG-4 encoded files. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2014-1280 : rg0rd\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "7.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTGlvJAAoJEPefwLHPlZEwh2cP/iOvfDbgv78TKX2hsxttcy8l\r\nNTK4EbpYO0rEpqbQukIHwBrb+PtEWK4tdxWPNQV+8GnCPaLqmMXWxHZPkI02qXjI\r\nUxYNgPq+9MPcoFFdbbptz4azcwFa0rdsQtxL0MYRrUqW5ml86zjGsVWUDGMDFu9R\r\nfuujvU/JOGoIYVxFQziEScnMfryw61b/JObcT/mDzXv/IcKhuMzMfp4cbnXq7Mmx\r\nNOpIQ0syx5oH7jadJA72iX7UyUuoydAcD3gaJDbLLfjEM8giDTL/TmH1HpuJjDHq\r\nZmj0NMlMqAztoFzpHZxlJ6kYjFYs7heyWgm3HQ+dwT0cDajFEZUEJGuBBO+P6dwp\r\ncVlhDJ87crsP2ctUn46EUGFw5fFZRPEUqm4r0M/3o8z2ZPDqFxIBwMHEEV2LJtuN\r\nlKjHYYWTO9BZOg87pm/HLpNqqTEz7J1eDWVJiRh5kZarp8w5KgZhBhYkltlPKwOo\r\nUh1SvUH+CjgNQTObSLv+e2EJ0So8gi3xBGHOrOdcof33fTsyL4WDvHEIvs4l1jUY\r\nf29uha46K3dVZpJtFV3xTiwm6fodWgTR4xhWSAAVI2V8V4KLQMEHu7+eV+cURmme\r\nJLdVgzxXw0uZHP874Uy60qR+6KBdEkIvgAoDHmd9jLnZMJTQAcn7PjcZz2z/V25u\r\n3bQ2RrEc85Xqs7adpinL\r\n=W1ik\r\n-----END PGP SIGNATURE-----\r\n", "published": "2014-03-13T00:00:00", "modified": "2014-03-13T00:00:00", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30357", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2013-5133", "CVE-2014-1284", "CVE-2014-1271", "CVE-2014-1281", "CVE-2014-1276", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-6835", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2014-1252", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1286", "CVE-2013-5227", "CVE-2014-1282", "CVE-2014-1274", "CVE-2014-1285", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2014-1277", "CVE-2012-2088", "CVE-2013-6629", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:50", "edition": 1, "viewCount": 9, "enchantments": {"score": {"value": 8.4, "vector": "NONE", "modified": "2018-08-31T11:10:50", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13662", "SECURITYVULNS:DOC:30138", "SECURITYVULNS:DOC:30333", "SECURITYVULNS:VULN:14051", "SECURITYVULNS:VULN:13581", "SECURITYVULNS:DOC:30447", "SECURITYVULNS:VULN:13600", "SECURITYVULNS:DOC:31304", "SECURITYVULNS:DOC:30427", "SECURITYVULNS:DOC:30358"]}, {"type": "nessus", "idList": ["OPENSUSE-2013-876.NASL", "ITUNES_12_0_1_BANNER.NASL", "MACOSX_SAFARI7_0_2.NASL", "FREEBSD_PKG_710CD5D535CB11E385F900262D5ED8EE.NASL", "MACOSX_SAFARI7_0_1.NASL", "ITUNES_12_0_1.NASL", "GOOGLE_CHROME_30_0_1599_101.NASL", "APPLETV_6_1.NASL", "MACOSX_SAFARI7_0_3.NASL", "MACOSX_GOOGLE_CHROME_30_0_1599_101.NASL"]}, {"type": "seebug", "idList": ["SSV:61778", "SSV:61195", "SSV:61196", "SSV:61577", "SSV:85627"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310850556", "OPENVAS:1361412562310810742", "OPENVAS:1361412562310804319", "OPENVAS:1361412562310804114", "OPENVAS:871090", "OPENVAS:1361412562310804116", "OPENVAS:850556", "OPENVAS:1361412562310804177", "OPENVAS:1361412562310804115", "OPENVAS:1361412562310871090"]}, {"type": "cve", "idList": ["CVE-2013-5227", "CVE-2013-5228", "CVE-2013-6635", "CVE-2013-5199", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-5197", "CVE-2013-6625", "CVE-2013-5133", "CVE-2013-5196"]}, {"type": "threatpost", "idList": ["THREATPOST:ABEA11AE947E374781FDDE1B4D657A2A", "THREATPOST:9BAC5755415C910E301217E17E3133BC"]}, {"type": "f5", "idList": ["F5:K59503294", "SOL15863", "SOL59503294"]}, {"type": "symantec", "idList": ["SMNTC-63676"]}, {"type": "freebsd", "idList": ["710CD5D5-35CB-11E3-85F9-00262D5ED8EE"]}, {"type": "zdi", "idList": ["ZDI-13-286", "ZDI-14-057"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:125659", "PACKETSTORM:125727"]}, {"type": "exploitdb", "idList": ["EDB-ID:39114", "EDB-ID:32333"]}, {"type": "zdt", "idList": ["1337DAY-ID-22015", "1337DAY-ID-22035"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2013:1776-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:00938B19CD6D4E016B1143AB61A69BCA"]}, {"type": "mscve", "idList": ["MS:CVE-2013-6629"]}], "modified": "2018-08-31T11:10:50", "rev": 2}, "vulnersScore": 8.4}, "affectedSoftware": []}

{"securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2013-5133", "CVE-2014-1284", "CVE-2014-1271", "CVE-2014-1281", "CVE-2014-1276", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-6835", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2014-1252", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1286", "CVE-2013-5227", "CVE-2014-1282", "CVE-2014-1274", "CVE-2014-1285", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2014-1277", "CVE-2012-2088", "CVE-2013-6629", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "description": "Symbolic links vulnerability, root certificates problems, protection bypass, DoS, privilege escalation, memory corruption, information leakage, code execution.", "edition": 1, "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "SECURITYVULNS:VULN:13600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13600", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2014-1271", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1282", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2012-2088", "CVE-2013-6629", "CVE-2014-1279", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-03-10-2 Apple TV 6.1\r\n\r\nApple TV 6.1 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with access to an Apple TV may access sensitive\r\nuser information from logs\r\nDescription: Sensitive user information was logged. This issue was\r\naddressed by logging less information.\r\nCVE-ID\r\nCVE-2014-1279 : David Schuetz working at Intrepidus Group\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Profile expiration dates were not honored\r\nDescription: Expiration dates of mobile configuration profiles were\r\nnot evaluated correctly. The issue was resolved through improved\r\nhandling of configuration profiles.\r\nCVE-ID\r\nCVE-2014-1267\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A malicious application can cause an unexpected system\r\ntermination\r\nDescription: A reachable assertion issue existed in CoreCapture's\r\nhandling of IOKit API calls. The issue was addressed through\r\nadditional validation of input from IOKit.\r\nCVE-ID\r\nCVE-2014-1271 : Filippo Bigarella\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A local user may be able to change permissions on arbitrary\r\nfiles\r\nDescription: CrashHouseKeeping followed symbolic links while\r\nchanging permissions on files. This issue was addressed by not\r\nfollowing symbolic links when changing permissions on files.\r\nCVE-ID\r\nCVE-2014-1272 : evad3rs\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Code signing requirements may be bypassed\r\nDescription: Text relocation instructions in dynamic libraries may\r\nbe loaded by dyld without code signature validation. This issue was\r\naddressed by ignoring text relocation instructions.\r\nCVE-ID\r\nCVE-2014-1273 : evad3rs\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nimages in PDF files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-1275 : Felix Groebert of the Google Security Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of TIFF\r\nimages. This issue was addressed through additional validation of\r\nTIFF images.\r\nCVE-ID\r\nCVE-2012-2088\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted JPEG file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nlibjpeg's handling of JPEG markers, resulting in the disclosure of\r\nmemory contents. This issue was addressed through additional\r\nvalidation of JPEG files.\r\nCVE-ID\r\nCVE-2013-6629 : Michal Zalewski\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: An out of bounds memory access issue existed in the ARM\r\nptmx_get_ioctl function. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1278 : evad3rs\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A configuration profile may be hidden from the user\r\nDescription: A configuration profile with a long name could be\r\nloaded onto the device but was not displayed in the profile UI. The\r\nissue was addressed through improved handling of profile names.\r\nCVE-ID\r\nCVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A person with physical access to the device may be able to\r\ncause arbitrary code execution in kernel mode\r\nDescription: A memory corruption issue existed in the handling of\r\nUSB messages. This issue was addressed through additional validation\r\nof USB messages.\r\nCVE-ID\r\nCVE-2014-1287 : Andy Davis of NCC Group\r\n\r\nWebKit\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Playing a maliciously crafted video could lead to the device\r\nbecoming unresponsive\r\nDescription: A null dereference issue existed in the handling of\r\nMPEG-4 encoded files. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2014-1280 : rg0rd\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTGlvfAAoJEPefwLHPlZEw8GEP/ikatTiohUPRvpjubarcXePV\r\nz6ixKxmqUUvSy+AlyFTsCpvB1IEipSx5hKbYsxk5+4qAVsYG3VEpLNJKBarUHQN8\r\nK1+I77xF5osLxrypWV6vEDqqFDcZyflumtvfdj7EmWf/FcWnOooRQt7wVVrzrCCh\r\n40nfspy1YjNi1EO2p6dDlzi+yvEGF5CHg8R1zSFf7ozLPoCABlnbdzXxh+nYoI+E\r\ny65R4Eo7OBhVH5mJvBczjsHu/GljR3y/yi3NSnoV5ga5SfaaOlwa8emgNooeEs3u\r\nghkfm2UxkjtdNkpVMfwFp35oLESIl6pMd2dtH2sU4MwRK3h8rvFeS/zJRZmwEIXO\r\n5+9tNop1hmF52aVKRZAJ4/A9kbTC3pKd0PxvKsveB6Pgxbq9eDfueMC/r6FtOZDa\r\nis95LuLtf26h8xQt8FovY7Cm80ckOT4mJnvzfmpGmUSK4PHsNfJwfJOBa1yMHTJg\r\nCDfg+jGhHy7DJuawekzQjcvkz34YWg7Lp25ZJilvZf8dGB2R4g+hikdOrWKI4vFj\r\nx7LGZg6IPaHFt0MPgjnoV1FhABnXksD41uIAQP2LhDrHWnRgTeJoGwQ2SuZjSA6w\r\nT/DzhicTLq6MDSBjlbt6EJ4gtxWlYDfeAfJcFb/Aret+2L7570q18EkLRbiI8e6k\r\n3NksAqBIKSpadFt+M8wt\r\n=xjrI\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30358", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30358", "title": "APPLE-SA-2014-03-10-2 Apple TV 6.1", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-5228", "CVE-2013-5197", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-5199", "CVE-2013-5195", "CVE-2013-5227", "CVE-2013-2909"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1\r\n\r\nSafari 6.1.1 and Safari 7.0.1 are now available and address the\r\nfollowing:\r\n\r\nSafari\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9\r\nImpact: User credentials may be disclosed to an unexpected site via\r\nautofill\r\nDescription: Safari may have autofilled user names and passwords\r\ninto a subframe from a different domain than the main frame. This\r\nissue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5227 : Niklas Malmgren of Klarna AB\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-5195 : Apple\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\n\r\nFor OS X Mavericks systems, Safari 7.0.1 will be included\r\nin OS X Mavericks 10.9.1.\r\n\r\nFor OS X Mountain Lion systems Safari 6.1 may be obtained from\r\nMac App Store.\r\n\r\nFor OS X Lion systems Safari 6.1 is available via the Apple Software\r\nUpdate application.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJSr0zmAAoJEPefwLHPlZEwb4oP/AwH5IgQlOh/lJgr5PVxS8uv\r\n5hVhjfokGe59RTsuDT2q08VmP16oI/Vajrmh1jDRWv7O6eH0UY+AEj1+ePgWzTP6\r\nsL8Dqft5cVo4R0gDtwE1x9/uD5qM9zZWdYooMifCA6V0epjZLc/3My0dw3y3OFSR\r\n0NlB4lD4cjQ4if+5UrdT7P1yvKxMred7/iZkmMPrQxqyuF9kNHL34tx4C/dCfoYm\r\n6MQuh/mkeRMKxEsgaJc+RSBB5KGRU86kEHbg5Aq2rWi6IhWiZ/8MByd0S5LofPOL\r\nG34ObAicWpGG6wA/6Os6Xt1EgtOuE7R/K27wZO18VmVEAaaKXMQ+QG8+FdTRdLpE\r\ntwvUkGRcHXsi8En3Vh/9nva4Dst9tohBGdAY0mOANLpiwrdMpwMTQePz9g4aehDH\r\noGbHU9yok4uoZXAYXYPMUr6grmUSHrfP4dveAavVYuauRi1sTGZps5TTjkaXmla4\r\nQU02YJ3TLEy/qMRdtPjpiRx22NMKghXJ7P9qjDJYyXFclnQ9kL28sMP98MFwcmlL\r\ndhYFhH1V37KfVp/N4MQtxlA3gLLmc/WLmkp8M3VL4F+KlbRDvX9AwygG7GqQY584\r\njBXwyllVT1JYBFAkMz7LfiI8WxrASj4fMB7hZ5ZErpSUgjf4d0c43PIdm/Brq9O4\r\nALlOLWBeXRmbJg3VBSjw\r\n=fhyS\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-12-24T00:00:00", "published": "2013-12-24T00:00:00", "id": "SECURITYVULNS:DOC:30138", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30138", "title": "APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-6835"], "description": "\r\n\r\n\r\n- Affected Vendor: https://www.apple.com/\r\n- Affected Software: Safari/Facetime on iOS\r\n- Affected Version: iOS 7 prior to 7.1 \r\n- Issue Type: Lack of user confirmation leading to a call being established, revealing the user's identity (phone number or email address)\r\n- Release Date: March 10, 2014\r\n- Discovered by: Guillaume Ross / @gepeto42\r\n- CVE Identifier: CVE-2013-6835\r\n- Issue Status: Vendor has published iOS 7.1 which resolves this issue by adding a prompt before establishing the call.\r\n\r\n**Summary**\r\n\r\nFacetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. \r\nThe URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site.\r\n\r\nBy entering the URL in an inline frame, the attack is automated, and similar to a CSRF attack across apps. Safari does not prompt the user before establishing the call.\r\n\r\n**Impact**\r\n\r\nA user browsing the web could click a malicious link or load a page containing a malicious link within an inline frame. The user would then automatically contact the phone number or email address specified in the URL, revealing his identity to the attacker.\r\n\r\n**Proof of Concept**\r\n\r\nEntering the following URL in iOS would trigger the call to the email address specified: facetime-audio://user@host.com\r\n\r\nThis inline frame would have the user call the specified email address as soon as the HTML page is loaded, without prompting the user:\r\n\r\n <iframe src="facetime-audio://user@host.com"></iframe>\r\n\r\nSecurity Content of iOS 7.1: http://support.apple.com/kb/HT6162\r\n", "edition": 1, "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "SECURITYVULNS:DOC:30427", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30427", "title": "[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1270", "CVE-2014-1268", "CVE-2014-1269"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:VULN:13581", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13581", "title": "Apple WebKit / Safari multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1270", "CVE-2014-1268", "CVE-2014-1269"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2\r\n\r\nSafari 6.1.2 and Safari 7.0.2 is now available and addresses the\r\nfollowing:\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.1\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2014-1268 : Apple\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\n\r\nFor OS X Mavericks systems, Safari 7.0.2 will be included\r\nin OS X Mavericks 10.9.2.\r\n\r\nFor OS X Mountain Lion systems Safari 6.1.2 may be obtained from\r\nMac App Store.\r\n\r\nFor OS X Lion systems Safari 6.1.2 is available via the Apple Software\r\nUpdate application.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJTDNegAAoJEPefwLHPlZEwMjUQAJBWV8XC85kZjDFC7FgHzIln\r\noU9Kc9DNCI9ymv0wfXWBHR07QZrtOugEUC2Wpj7GB/QVjwFUlLs0/yU7tddHiMif\r\nD/OsqSNB1Y7n2Le1fzgQbaiNo56oTNFLs/+hivTp6Wgv8ScJ421V9PfSfN8qK1BY\r\ncqhXuReuB5tiuwYgNcnT803sUWu8aG2IVSZE4uUXgivEC7zXTAXtfXXMbeV8q76W\r\nyyvwiTZ0RkQi4bto0Xgie01MbFCJMmcdXHjTRq6o+P4aMYcjqTgaMEwChxM7S2JC\r\nfI24bn6CTBpH8fAHj/b7dMgHMp8TVGmwC7XVQroMnyrK5QBovHjym40qK7Sn8A1o\r\nGotUP6hyniAFChLSDlZqskR5DKJIQwL65wIJMpANA37TtRjvWvDmFj2fCTO4fg/A\r\nWSbRsks0HXWjSZcsi4UK4BsOADeac/FxAPFIo6biZLGacP1Gb3i/fIuTlvSLGkxH\r\nT1HvJDtLt5qMO56De3DeGN2HChle6TPGCZIZuGnjm/1mOFpr6ncPgUWExvOc46pJ\r\nElLoLtZoePttEL8KS6iPrEXvmjfw92GTkCYd9AGbKefx3UrIZJeOuaoNMDBBWJrR\r\nwHEz9wECF18LqhdhmnVCsFwAnUmMm6BfQrdaIOXYdvkT6tudbOYyYJ2E3G7U9GVR\r\nvgHI3c7JfmZu/ocYgqGm\r\n=DVSA\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:DOC:30333", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30333", "title": "APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1289", "CVE-2014-1307", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1292", "CVE-2014-1291", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1301", "CVE-2013-6625", "CVE-2014-1303", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1297", "CVE-2014-1713", "CVE-2014-1293", "CVE-2013-2871", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1300", "CVE-2014-1302", "CVE-2013-2928", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "description": "Multiple memory corruptions, restrictions bypass.", "edition": 1, "modified": "2014-04-03T00:00:00", "published": "2014-04-03T00:00:00", "id": "SECURITYVULNS:VULN:13662", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13662", "title": "Apple Safari multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-1289", "CVE-2014-1307", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1292", "CVE-2014-1291", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1301", "CVE-2013-6625", "CVE-2014-1303", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1297", "CVE-2014-1713", "CVE-2014-1293", "CVE-2013-2871", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1300", "CVE-2014-1302", "CVE-2013-2928", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3\r\n\r\nSafari 6.1.3 and Safari 7.0.3 are now available and address the\r\nfollowing:\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1301 : Google Chrome Security Team\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: An attacker running arbitary code in the WebProcess may be\r\nable to read arbitrary files despite sandbox restrictions\r\nDescription: A logic issue existed in the handling of IPC messages\r\nfrom the WebProcess. This issue was addressed through additional\r\nvalidation of IPC messages.\r\nCVE-ID\r\nCVE-2014-1297 : Ian Beer of Google Project Zero\r\n\r\nFor OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3\r\nand Safari 6.1.3 may be obtained from Mac App Store.\r\n\r\nFor OS X Lion systems Safari 6.1.3 is available via the Apple\r\nSoftware Update application.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTOwlLAAoJEPefwLHPlZEwmPYP/AoGVbrVVEQfbWZ/OMER6jCR\r\nbDN4ykWdExJFRKr972tsirke9mLrDX1Flqg3jYpqrna6lWsZxk1wA/IXy4TRG97O\r\nmpA75r7853lCJ482h5XImTdv6wWqMfTTNR1YzsK+TCLZA3sDlByQ4yshwGWhOf1Q\r\nnY+hPpaC05PEmPeNKMWw6PA9IgA9e84uy0b/3+c2acOUZ9aAYEXmydPySY+5uYLa\r\necXjvee83LVTu8Pq2/C9yCJ1kI1EMix6Q3CTb2Cv/Dtgu1q7rZMG7qKieFpMKO2J\r\nxM7RYm1qPNlZ4hf+ZPX+D4+k6g2sZMqYdocdG1qXubk8m314CinHajdsZH9jXDHO\r\n01gnYeMRp2IUBJlClQ7mPyIveJqJV9XpzvMTciuTVEuhzWhMaazzly8dp+8NCu4Q\r\nQShPJKqAq16ACJqqOarwo8xaSumZ3UcKhVrD0Gxo1/dhzO1Hy52yo7WrWLaOVH89\r\nbXPeVMfYIF0V9xysbixNmBIEro0mYDuor/XlXBFicZAjmyGEVE04K4UjenMeDoYO\r\n/1A2zaVyM9MD50y+X/rFErtz2cj7uNcZ1XSNqPdGameoti5WvvoRbKs/D/H7E8bX\r\np8JDoVJoy46fOBfwNv6eaQYTGYzgtdoEtmTKL3zDauQC1bxI1Jwtma07S97D2SyJ\r\nurMcI/V2h8JnGD4sS/7L\r\n=kHuK\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-04-03T00:00:00", "published": "2014-04-03T00:00:00", "id": "SECURITYVULNS:DOC:30447", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30447", "title": "APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1363", "CVE-2014-1324", "CVE-2014-4413", "CVE-2013-5228", "CVE-2014-1366", "CVE-2014-1386", "CVE-2014-1365", "CVE-2014-1342", "CVE-2014-1289", "CVE-2014-4412", "CVE-2014-1364", "CVE-2014-1307", "CVE-2014-1335", "CVE-2014-1387", "CVE-2014-1323", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1389", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1338", "CVE-2014-1268", "CVE-2014-4411", "CVE-2014-1291", "CVE-2014-1382", "CVE-2014-4415", "CVE-2013-5197", "CVE-2014-1385", "CVE-2013-5196", "CVE-2014-1368", "CVE-2014-1327", "CVE-2013-5225", "CVE-2014-1325", "CVE-2014-1336", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1362", "CVE-2014-1301", "CVE-2013-5198", "CVE-2013-6663", "CVE-2014-1340", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1337", "CVE-2014-1303", "CVE-2014-1331", "CVE-2013-2875", "CVE-2014-1731", "CVE-2013-5199", "CVE-2014-1344", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1330", "CVE-2014-1367", "CVE-2013-5195", "CVE-2014-1713", "CVE-2014-1334", "CVE-2014-1329", "CVE-2014-1293", "CVE-2014-1326", "CVE-2014-1384", "CVE-2013-2927", "CVE-2014-4410", "CVE-2014-1343", "CVE-2013-2871", "CVE-2013-2909", "CVE-2014-4414", "CVE-2014-1333", "CVE-2014-1341", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1300", "CVE-2014-1302", "CVE-2014-1388", "CVE-2013-2928", "CVE-2014-1339", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "description": "84 vulnerabilities on different formats and protocols parsing.", "edition": 1, "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:VULN:14051", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14051", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-6635", "CVE-2014-1363", "CVE-2014-1324", "CVE-2014-4413", "CVE-2013-5228", "CVE-2014-1366", "CVE-2014-1386", "CVE-2014-1365", "CVE-2014-1342", "CVE-2014-1289", "CVE-2014-4412", "CVE-2014-1364", "CVE-2014-1307", "CVE-2014-1335", "CVE-2014-1387", "CVE-2014-1323", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1389", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1338", "CVE-2014-1268", "CVE-2014-4411", "CVE-2014-1291", "CVE-2014-1382", "CVE-2014-4415", "CVE-2013-5197", "CVE-2014-1385", "CVE-2013-5196", "CVE-2014-1368", "CVE-2014-1327", "CVE-2013-5225", "CVE-2014-1325", "CVE-2014-1336", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1362", "CVE-2014-1301", "CVE-2013-5198", "CVE-2013-6663", "CVE-2014-1340", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1337", "CVE-2014-1303", "CVE-2014-1331", "CVE-2013-2875", "CVE-2014-1731", "CVE-2013-5199", "CVE-2014-1344", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1330", "CVE-2014-1367", "CVE-2013-5195", "CVE-2014-1713", "CVE-2014-1334", "CVE-2014-1329", "CVE-2014-1293", "CVE-2014-1326", "CVE-2014-1384", "CVE-2013-2927", "CVE-2014-4410", "CVE-2014-1343", "CVE-2013-2871", "CVE-2013-2909", "CVE-2014-4414", "CVE-2014-1333", "CVE-2014-1341", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1390", "CVE-2014-1300", "CVE-2014-1302", "CVE-2014-1388", "CVE-2013-2928", "CVE-2014-1339", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-6 iTunes 12.0.1\r\n\r\niTunes 12.0.1 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2013-2875 : miaubiz\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2927 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-5195 : Apple\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2013-6663 : Atte Kettunen of OUSPG\r\nCVE-2014-1268 : Apple\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1301 : Google Chrome Security Team\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1323 : banty\r\nCVE-2014-1324 : Google Chrome Security Team\r\nCVE-2014-1325 : Apple\r\nCVE-2014-1326 : Apple\r\nCVE-2014-1327 : Google Chrome Security Team, Apple\r\nCVE-2014-1329 : Google Chrome Security Team\r\nCVE-2014-1330 : Google Chrome Security Team\r\nCVE-2014-1331 : cloudfuzzer\r\nCVE-2014-1333 : Google Chrome Security Team\r\nCVE-2014-1334 : Apple\r\nCVE-2014-1335 : Google Chrome Security Team\r\nCVE-2014-1336 : Apple\r\nCVE-2014-1337 : Apple\r\nCVE-2014-1338 : Google Chrome Security Team\r\nCVE-2014-1339 : Atte Kettunen of OUSPG\r\nCVE-2014-1340 : Apple\r\nCVE-2014-1341 : Google Chrome Security Team\r\nCVE-2014-1342 : Apple\r\nCVE-2014-1343 : Google Chrome Security Team\r\nCVE-2014-1344 : Ian Beer of Google Project Zero\r\nCVE-2014-1362 : Apple, miaubiz\r\nCVE-2014-1363 : Apple\r\nCVE-2014-1364 : Apple\r\nCVE-2014-1365 : Apple, Google Chrome Security Team\r\nCVE-2014-1366 : Apple\r\nCVE-2014-1367 : Apple\r\nCVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)\r\nCVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung\r\nElectronics\r\nCVE-2014-1384 : Apple\r\nCVE-2014-1385 : Apple\r\nCVE-2014-1386 : an anonymous researcher\r\nCVE-2014-1387 : Google Chrome Security Team\r\nCVE-2014-1388 : Apple\r\nCVE-2014-1389 : Apple\r\nCVE-2014-1390 : Apple\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\nCVE-2014-1731 : an anonymous member of the Blink development\r\ncommunity\r\nCVE-2014-4410 : Eric Seidel of Google\r\nCVE-2014-4411 : Google Chrome Security Team\r\nCVE-2014-4412 : Apple\r\nCVE-2014-4413 : Apple\r\nCVE-2014-4414 : Apple\r\nCVE-2014-4415 : Apple\r\n\r\n\r\niTunes 12.0.1 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCKuAAoJEBcWfLTuOo7t3cgP/RCpdvSrkHZM2SsNXSVtaCfW\r\nauW4hMgN5s2OkYxWwiHDhnKB6dM5Jb4aC5a4j7JECUMRZ7MxIw4EgfV0SJDfRP7M\r\n90YhewGKLaapfc6SRYl1lws+Me+OXf0tjzgBEyD+3qdhFDCCQzWh2F+rpjj4Bzbo\r\ncWrPn454dEEvJvDRc7/U13xvbSNm94jedzZjuCDkiA8+1UFF1fWqxU1Iw8HjW1U2\r\nKUe0Uzrpyul85shviO/nO4hnuGMT3i85ZBmTWjMhsOteLsp/ZRSHrvuKps3XM0qg\r\nrBp8W//gFgYreMUP3m779SkCAPznmA7XnufCZBdbLJwdQBac+xdcjdQa+RdjUfXA\r\nFb8sDaNQm1qJVfo8kDWe6ED7MbnxbwrpKswQFN2Mft3wXLNdfdViLmQ4A3mJ+1ju\r\n0RoR8SuoZiZrClbPW0C08i6Y4EZfVeG1lNzJQySlqg2ZhFPcrdQMyLr0mSs58ClE\r\n19km+0fMKWzb8XJsQZkir41P5sheldAVsqtQBud2Q25xnM8LmTDuX1ywXUEvTKO8\r\nSRAZ4EF1vvfVpHE9w/XgBzRC9J23scN1/WnzDeoVMxkz4YrvsZdV3bjJJMJ4bDs6\r\n85hjnwYe8QFnfaZPoMcstwWQMxA8Hl4mhu3B+1PKWlT6FENpCKCCc5W5MxWrAXnp\r\nK0B4Ue5bqvDqVL0KLkrB\r\n=+heG\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31304", "title": "APPLE-SA-2014-10-16-6 iTunes 12.0.1", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T01:21:24", "description": "According to its banner, the remote Apple TV 2nd generation or later\ndevice is prior to 6.1. It is, therefore, reportedly affected by\nmultiple vulnerabilities, the most serious issues of which could\nresult in arbitrary code execution.", "edition": 24, "published": "2014-03-12T00:00:00", "title": "Apple TV < 6.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2014-1278", "CVE-2013-5228", "CVE-2014-1289", "CVE-2014-1280", "CVE-2014-1271", "CVE-2013-2926", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1287", "CVE-2014-1291", "CVE-2014-1272", "CVE-2013-5197", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1275", "CVE-2013-5199", "CVE-2014-1290", "CVE-2014-1282", "CVE-2014-1293", "CVE-2014-1273", "CVE-2013-2909", "CVE-2012-2088", "CVE-2013-6629", "CVE-2014-1279", "CVE-2013-2928", "CVE-2014-1267", "CVE-2014-1294"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_6_1.NASL", "href": "https://www.tenable.com/plugins/nessus/72962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72962);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2012-2088\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2928\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6629\",\n \"CVE-2013-6635\",\n \"CVE-2014-1267\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1271\",\n \"CVE-2014-1272\",\n \"CVE-2014-1273\",\n \"CVE-2014-1275\",\n \"CVE-2014-1278\",\n \"CVE-2014-1279\",\n \"CVE-2014-1280\",\n \"CVE-2014-1282\",\n \"CVE-2014-1287\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\"\n );\n script_bugtraq_id(\n 54270,\n 63024,\n 63028,\n 63672,\n 63676,\n 64354,\n 64356,\n 64358,\n 64359,\n 64360,\n 64361,\n 64362,\n 65779,\n 65780,\n 65781,\n 66088,\n 66089,\n 66090\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-03-10-2\");\n\n script_name(english:\"Apple TV < 6.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in banner\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is affected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote Apple TV 2nd generation or later\ndevice is prior to 6.1. It is, therefore, reportedly affected by\nmultiple vulnerabilities, the most serious issues of which could\nresult in arbitrary code execution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531397/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple TV 6.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \$(Mac )?OS X\$\";\nmatches = egrep(pattern:pat, string:banner);\n\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n !matches\n) exit(0, \"The web server listening on port \"+port+\" does not appear to be from iTunes on an Apple TV.\");\n\n\nfixed_major = \"11.1\";\nfixed_char = \"b\";\nfixed_minor = \"37\";\nfixed_airtunes_version = \"200.54\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n char = match[2];\n minor = int(match[3]);\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n (\n ord(char) < ord(fixed_char) ||\n (\n ord(char) == ord(fixed_char) &&\n minor < fixed_minor\n )\n )\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + char + minor +\n '\\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor +\n '\\n';\n }\n else if (major == fixed_major && char == fixed_char && minor == fixed_minor)\n {\n airtunes_port = 5000;\n # nb: 'http_server_header()' exits if it can't get the HTTP banner.\n server_header = http_server_header(port:airtunes_port);\n if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port);\n if (\"AirTunes\" >!< server_header) audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, \"AirTunes\");\n\n match = eregmatch(string:server_header, pattern:\"^AirTunes\\/([0-9][0-9.]+)\");\n if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"AirTunes\", airtunes_port);\n airtunes_version = match[1];\n\n if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0)\n {\n report = '\\n Source : ' + server_header +\n '\\n Installed AirTunes version : ' + airtunes_version +\n '\\n Fixed AirTunes version : ' + fixed_airtunes_version +\n '\\n';\n }\n else exit(0, \"The web server listening on port \"+airtunes_port+\" reports itself as 'AirTunes/\"+airtunes_version+\"' and, therefore, is not affected.\");\n }\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major < 4) exit(0, \"The web server listening on port \"+port+\" is from iTunes on a 1st generation Apple TV, which is no longer supported.\");\n else if (major >= 4 && major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:24:53", "description": "The version of Apple Safari installed on the remote Mac OS X host is\nprior to 6.1.1 or 7.0.1. It is, therefore, potentially affected by\nseveral issues :\n\n - A use-after-free error exists related to 'inline-block'\n rendering. (CVE-2013-2909)\n\n - Multiple, unspecified memory corruption vulnerabilities\n exist in WebKit that could lead to unexpected program\n termination or arbitrary code execution. (CVE-2013-5195,\n CVE-2013-5196, CVE-2013-5197, CVE-2013-5198,\n CVE-2013-5199, CVE-2013-5225, CVE-2013-5228)\n\n - Multiple information disclosure vulnerabilities exist\n due to an origin-validation error in which user\n information is auto-filled into a sub-frame from a\n different domain. (CVE-2013-5227)", "edition": 24, "published": "2013-12-17T00:00:00", "title": "Mac OS X : Apple Safari < 6.1.1 / 7.0.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5228", "CVE-2013-5197", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-5199", "CVE-2013-5195", "CVE-2013-5227", "CVE-2013-2909"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI7_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/71498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71498);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2909\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5227\",\n \"CVE-2013-5228\"\n );\n script_bugtraq_id(\n 64353,\n 64354,\n 64355,\n 64356,\n 64358,\n 64359,\n 64360,\n 64361,\n 64362\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-12-16-1\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-12-16-2\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.1.1 / 7.0.1 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nprior to 6.1.1 or 7.0.1. It is, therefore, potentially affected by\nseveral issues :\n\n - A use-after-free error exists related to 'inline-block'\n rendering. (CVE-2013-2909)\n\n - Multiple, unspecified memory corruption vulnerabilities\n exist in WebKit that could lead to unexpected program\n termination or arbitrary code execution. (CVE-2013-5195,\n CVE-2013-5196, CVE-2013-5197, CVE-2013-5198,\n CVE-2013-5199, CVE-2013-5225, CVE-2013-5228)\n\n - Multiple information disclosure vulnerabilities exist\n due to an origin-validation error in which user\n information is auto-filled into a sub-frame from a\n different domain. (CVE-2013-5227)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-286/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6082\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6084\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/530366/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/530369/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Mac OS X 10.9, upgrade to 10.9.1, which includes Apple Safari\n7.0.1. Otherwise, upgrade to Apple Safari 6.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[7-9]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8 / 10.9\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.7\" >< os || \"10.8\" >< os) fixed_version = \"6.1.1\";\nelse fixed_version = \"7.0.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:24:54", "description": "The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.2 or 7.0.2. It is, therefore, potentially\naffected by multiple, unspecified, memory corruption vulnerabilities\nin WebKit that could lead to unexpected program termination or\narbitrary code execution.", "edition": 23, "published": "2014-02-25T00:00:00", "title": "Mac OS X : Apple Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2014-1270", "CVE-2014-1268", "CVE-2014-1269"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI7_0_2.NASL", "href": "https://www.tenable.com/plugins/nessus/72689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72689);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2013-6635\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\"\n );\n script_bugtraq_id(65778, 65779, 65780, 65781);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-02-25-2\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.1.2 / 7.0.2 Multiple Memory Corruption Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by multiple\nmemory corruption vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.2 or 7.0.2. It is, therefore, potentially\naffected by multiple, unspecified, memory corruption vulnerabilities\nin WebKit that could lead to unexpected program termination or\narbitrary code execution.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6145\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2014/Feb/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531264/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Mac OS X 10.9, upgrade to 10.9.2, which includes Apple Safari\n7.0.2. Otherwise, upgrade to Apple Safari 6.1.2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[7-9]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8 / 10.9\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.7\" >< os || \"10.8\" >< os) fixed_version = \"6.1.2\";\nelse fixed_version = \"7.0.2\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:24:55", "description": "The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.3 or 7.0.3. It is, therefore, potentially\naffected by the following vulnerabilities related to the included\nWebKit components :\n\n - Unspecified errors exist that could allow memory\n corruption, application crashes and possibly arbitrary\n code execution. (CVE-2013-2871, CVE-2013-2926,\n CVE-2013-2928, CVE-2013-6625, CVE-2014-1289,\n CVE-2014-1290, CVE-2014-1291, CVE-2014-1292,\n CVE-2014-1293, CVE-2014-1294, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1301,\n CVE-2014-1302, CVE-2014-1303, CVE-2014-1304,\n CVE-2014-1305, CVE-2014-1307, CVE-2014-1308,\n CVE-2014-1309, CVE-2014-1310, CVE-2014-1311,\n CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)\n\n - An error exists related to IPC messages and 'WebProcess'\n that could allow an attacker to read arbitrary files.\n (CVE-2014-1297)", "edition": 26, "published": "2014-04-02T00:00:00", "title": "Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1289", "CVE-2014-1307", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1292", "CVE-2014-1291", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1301", "CVE-2013-6625", "CVE-2014-1303", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1297", "CVE-2014-1713", "CVE-2014-1293", "CVE-2013-2871", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1300", "CVE-2014-1302", "CVE-2013-2928", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI7_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/73304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73304);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2926\",\n \"CVE-2013-2928\",\n \"CVE-2013-6625\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1297\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1713\"\n );\n script_bugtraq_id(\n 61054,\n 63024,\n 63028,\n 63672,\n 66088,\n 66242,\n 66243,\n 66572,\n 66573,\n 66574,\n 66575,\n 66576,\n 66577,\n 66578,\n 66579,\n 66580,\n 66581,\n 66583,\n 66584,\n 66585,\n 66586,\n 66587\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-04-01-1\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\na version prior to 6.1.3 or 7.0.3. It is, therefore, potentially\naffected by the following vulnerabilities related to the included\nWebKit components :\n\n - Unspecified errors exist that could allow memory\n corruption, application crashes and possibly arbitrary\n code execution. (CVE-2013-2871, CVE-2013-2926,\n CVE-2013-2928, CVE-2013-6625, CVE-2014-1289,\n CVE-2014-1290, CVE-2014-1291, CVE-2014-1292,\n CVE-2014-1293, CVE-2014-1294, CVE-2014-1298,\n CVE-2014-1299, CVE-2014-1300, CVE-2014-1301,\n CVE-2014-1302, CVE-2014-1303, CVE-2014-1304,\n CVE-2014-1305, CVE-2014-1307, CVE-2014-1308,\n CVE-2014-1309, CVE-2014-1310, CVE-2014-1311,\n CVE-2014-1312, CVE-2014-1313, CVE-2014-1713)\n\n - An error exists related to IPC messages and 'WebProcess'\n that could allow an attacker to read arbitrary files.\n (CVE-2014-1297)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-057/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6181\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/531708/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.1.3 / 7.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-1303\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[7-9]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8 / 10.9\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.7\" >< os || \"10.8\" >< os) fixed_version = \"6.1.3\";\nelse fixed_version = \"7.0.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:05:28", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.101. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Use-after-free errors exist related to editing, forms,\n and XmlHttpRequest (XHR). (CVE-2013-2925, CVE-2013-2926,\n CVE-2013-2927)\n\n - Various, unspecified errors exist. (CVE-2013-2928)", "edition": 23, "published": "2013-10-18T00:00:00", "title": "Google Chrome < 30.0.1599.101 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_30_0_1599_101.NASL", "href": "https://www.tenable.com/plugins/nessus/70494", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70494);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2925\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\"\n );\n script_bugtraq_id(\n 63024,\n 63025,\n 63026,\n 63028\n );\n\n script_name(english:\"Google Chrome < 30.0.1599.101 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.101. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Use-after-free errors exist related to editing, forms,\n and XmlHttpRequest (XHR). (CVE-2013-2925, CVE-2013-2926,\n CVE-2013-2927)\n\n - Various, unspecified errors exist. (CVE-2013-2928)\");\n # http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b19cce80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 30.0.1599.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\n\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\ngoogle_chrome_check_version(installs:installs, fix:'30.0.1599.101', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:45:32", "description": "Google Chrome Releases reports :\n\n5 security fixes in this release, including :\n\n- [292422] High CVE-2013-2925: Use after free in XHR. Credit to Atte\nKettunen of OUSPG.\n\n- [294456] High CVE-2013-2926: Use after free in editing. Credit to\ncloudfuzzer.\n\n- [297478] High CVE-2013-2927: Use after free in forms. Credit to\ncloudfuzzer.\n\n- [305790] High CVE-2013-2928: Various fixes from internal audits,\nfuzzing and other initiatives.", "edition": 20, "published": "2013-10-16T00:00:00", "title": "FreeBSD : chromium -- multiple vulnerabilities (710cd5d5-35cb-11e3-85f9-00262d5ed8ee)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "modified": "2013-10-16T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_710CD5D535CB11E385F900262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/70449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70449);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (710cd5d5-35cb-11e3-85f9-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n5 security fixes in this release, including :\n\n- [292422] High CVE-2013-2925: Use after free in XHR. Credit to Atte\nKettunen of OUSPG.\n\n- [294456] High CVE-2013-2926: Use after free in editing. Credit to\ncloudfuzzer.\n\n- [297478] High CVE-2013-2927: Use after free in forms. Credit to\ncloudfuzzer.\n\n- [305790] High CVE-2013-2928: Various fixes from internal audits,\nfuzzing and other initiatives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://googlechromereleases.blogspot.nl/\"\n );\n # http://www.freebsd.org/ports/portaudit/710cd5d5-35cb-11e3-85f9-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29fbc1f4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<30.0.1599.101\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:30:06", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.101. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Use-after-free errors exist related to editing, forms,\n and XmlHttpRequest (XHR). (CVE-2013-2925, CVE-2013-2926,\n CVE-2013-2927)\n\n - Various, unspecified errors exist. (CVE-2013-2928)", "edition": 23, "published": "2013-11-13T00:00:00", "title": "Google Chrome < 30.0.1599.101 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_30_0_1599_101.NASL", "href": "https://www.tenable.com/plugins/nessus/70892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70892);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-2925\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\"\n );\n script_bugtraq_id(\n 63024,\n 63025,\n 63026,\n 63028\n );\n\n script_name(english:\"Google Chrome < 30.0.1599.101 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 30.0.1599.101. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Use-after-free errors exist related to editing, forms,\n and XmlHttpRequest (XHR). (CVE-2013-2925, CVE-2013-2926,\n CVE-2013-2927)\n\n - Various, unspecified errors exist. (CVE-2013-2928)\");\n # http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b19cce80\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 30.0.1599.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'30.0.1599.101', severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:02", "description": "Chromium was updated to 30.0.1599.114 :\n\nStable Channel update: fix build for 32bit systems\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo", "p-cpe:/a:novell:opensuse:chromium-suid-helper", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:12.2", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "p-cpe:/a:novell:opensuse:chromium-desktop-kde"], "id": "OPENSUSE-2013-876.NASL", "href": "https://www.tenable.com/plugins/nessus/75205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-876.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75205);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\");\n script_bugtraq_id(63024, 63025, 63026, 63028);\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)\");\n script_summary(english:\"Check for the openSUSE-2013-876 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 30.0.1599.114 :\n\nStable Channel update: fix build for 32bit systems\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes :\n\n + CVE-2013-2925: Use after free in XHR\n\n + CVE-2013-2926: Use after free in editing\n\n + CVE-2013-2927: Use after free in forms.\n\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-suid-helper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromedriver-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromedriver-debuginfo-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-debuginfo-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-debugsource-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-desktop-gnome-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-desktop-kde-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-ffmpegsumo-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-ffmpegsumo-debuginfo-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-suid-helper-30.0.1599.114-1.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"chromium-suid-helper-debuginfo-30.0.1599.114-1.50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:17:40", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 25, "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2014-1363", "CVE-2014-1324", "CVE-2014-4413", "CVE-2013-5228", "CVE-2014-1366", "CVE-2014-1386", "CVE-2014-1365", "CVE-2014-1342", "CVE-2014-1289", "CVE-2014-4412", "CVE-2014-1364", "CVE-2014-1307", "CVE-2014-1335", "CVE-2014-1387", "CVE-2014-1323", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1389", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1338", "CVE-2014-1268", "CVE-2014-4411", "CVE-2014-1291", "CVE-2014-1382", "CVE-2014-4415", "CVE-2013-5197", "CVE-2014-1385", "CVE-2013-5196", "CVE-2014-1368", "CVE-2014-1327", "CVE-2013-5225", "CVE-2014-1325", "CVE-2014-1336", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1362", "CVE-2014-1301", "CVE-2013-5198", "CVE-2013-6663", "CVE-2014-1340", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1337", "CVE-2014-1303", "CVE-2014-1331", "CVE-2013-2875", "CVE-2014-1731", "CVE-2013-5199", "CVE-2014-1344", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1330", "CVE-2014-1367", "CVE-2013-5195", "CVE-2014-1713", "CVE-2014-1334", "CVE-2014-1329", "CVE-2014-1293", "CVE-2014-1326", "CVE-2014-1384", "CVE-2013-2927", "CVE-2014-4410", "CVE-2014-1343", "CVE-2013-2871", "CVE-2013-2909", "CVE-2014-4414", "CVE-2014-1333", "CVE-2014-1341", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1390", "CVE-2014-1300", "CVE-2014-1302", "CVE-2014-1388", "CVE-2013-2928", "CVE-2014-1339", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/78597", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78597);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.0.1.26\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:17:40", "description": "The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 25, "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6635", "CVE-2014-1363", "CVE-2014-1324", "CVE-2014-4413", "CVE-2013-5228", "CVE-2014-1366", "CVE-2014-1386", "CVE-2014-1365", "CVE-2014-1342", "CVE-2014-1289", "CVE-2014-4412", "CVE-2014-1364", "CVE-2014-1307", "CVE-2014-1335", "CVE-2014-1387", "CVE-2014-1323", "CVE-2014-1309", "CVE-2013-2926", "CVE-2014-1389", "CVE-2014-1270", "CVE-2014-1292", "CVE-2014-1338", "CVE-2014-1268", "CVE-2014-4411", "CVE-2014-1291", "CVE-2014-1382", "CVE-2014-4415", "CVE-2013-5197", "CVE-2014-1385", "CVE-2013-5196", "CVE-2014-1368", "CVE-2014-1327", "CVE-2013-5225", "CVE-2014-1325", "CVE-2014-1336", "CVE-2014-1312", "CVE-2014-1308", "CVE-2014-1362", "CVE-2014-1301", "CVE-2013-5198", "CVE-2013-6663", "CVE-2014-1340", "CVE-2013-6625", "CVE-2014-1269", "CVE-2014-1337", "CVE-2014-1303", "CVE-2014-1331", "CVE-2013-2875", "CVE-2014-1731", "CVE-2013-5199", "CVE-2014-1344", "CVE-2014-1290", "CVE-2014-1304", "CVE-2014-1330", "CVE-2014-1367", "CVE-2013-5195", "CVE-2014-1713", "CVE-2014-1334", "CVE-2014-1329", "CVE-2014-1293", "CVE-2014-1326", "CVE-2014-1384", "CVE-2013-2927", "CVE-2014-4410", "CVE-2014-1343", "CVE-2013-2871", "CVE-2013-2909", "CVE-2014-4414", "CVE-2014-1333", "CVE-2014-1341", "CVE-2014-1298", "CVE-2014-1313", "CVE-2014-1305", "CVE-2014-1310", "CVE-2014-1390", "CVE-2014-1300", "CVE-2014-1302", "CVE-2014-1388", "CVE-2013-2928", "CVE-2014-1339", "CVE-2014-1299", "CVE-2014-1294", "CVE-2014-1311"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_0_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/78598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78598);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.0.1.26\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:31:01", "description": "BUGTRAQ ID: 66087\r\nCVE(CAN) ID: CVE-2013-5133,CVE-2014-1274,CVE-2013-6835,CVE-2014-1276,CVE-2014-1277,CVE-2014-1281,CVE-2014-1284,CVE-2014-1285,CVE-2014-1286\r\n\r\niOS\u662f\u7531\u82f9\u679c\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u652f\u6301\u7684\u8bbe\u5907\u5305\u62eciPhone\u3001iPod touch\u3001iPad\u3001Apple TV\u3002\r\n\r\niOS 7.1\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\u3001\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\u3001\u83b7\u53d6\u672a\u6388\u6743\u8bbf\u95ee\u6743\u9650\u3001\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6267\u884c\u5176\u4ed6\u653b\u51fb\u3002\n0\nApple iOS < 7.1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\nApple\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08APPLE-SA-2014-03-10-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nAPPLE-SA-2014-03-10-1\uff1aiOS 7.1\r\n\u94fe\u63a5\uff1ahttp://support.apple.com/kb/HT1222", "published": "2014-03-13T00:00:00", "title": "Apple iOS \u591a\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5133", "CVE-2013-6835", "CVE-2014-1274", "CVE-2014-1276", "CVE-2014-1277", "CVE-2014-1281", "CVE-2014-1284", "CVE-2014-1285", "CVE-2014-1286"], "modified": "2014-03-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61778", "id": "SSV:61778", "sourceData": "", "cvss": {"score": 8.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:39:27", "description": "BUGTRAQ ID: 64355\r\nCVE(CAN) ID: CVE-2013-5227\r\n\r\nSafari\u662f\u82f9\u679c\u8ba1\u7b97\u673a\u7684\u6700\u65b0\u4f5c\u4e1a\u7cfb\u7edfMac OS X\u4e2d\u7684\u6d4f\u89c8\u5668\uff0c\u4f7f\u7528\u4e86KDE\u7684KHTML\u4f5c\u4e3a\u6d4f\u89c8\u5668\u7684\u8fd0\u7b97\u6838\u5fc3\u3002\r\n\r\nApple Safari 6.1.1\u30017.0.1\u4e4b\u524d\u7248\u672c\u5728\u6e90\u8ddf\u8e2a\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u540e\u53ef\u4f7f\u653b\u51fb\u8005\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\r\n0\r\nApple Safari 7.0.1\r\nApple Safari 6.1.1\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\nApple\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08HT6082\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nHT6082\uff1aAbout the security content of Safari 6.1.1 and Safari 7.0.1\r\n\u94fe\u63a5\uff1ahttp://support.apple.com/kb/HT6082", "published": "2013-12-18T00:00:00", "type": "seebug", "title": "Apple Safari \u591a\u4e2a\u8de8\u57df\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-5227"], "modified": "2013-12-18T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61196", "id": "SSV:61196", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T15:23:50", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "iOS 7 - Kernel Mode Memory Corruption", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1287"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-85627", "id": "SSV:85627", "sourceData": "\n ~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Vulnerability Summary\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Title iOS 7 arbitrary code execution in kernel mode\r\n Release Date 14 March 2014\r\n Reference NGS00596\r\n Discoverer Andy Davis \r\n Vendor Apple\r\n Vendor Reference 600217059\r\n Systems Affected iPhone 4 and later, iPod touch (5th generation) and later, \r\n iPad 2 and later\r\n CVE Reference CVE-2014-1287\r\n Risk High\r\n Status Fixed\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Resolution Timeline\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Discovered 26 September 2013\r\n Reported 26 September 2013\r\n Released 26 September 2013\r\n Fixed 10 March 2014\r\n Published 14 March 2014\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Vulnerability Description \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n When a specific value is supplied in USB Endpoint descriptor for a HID device \r\n the Apple device kernel panics and reboots\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Technical Details\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n The bug can be triggered using umap (https://github.com/nccgroup/umap)\r\n as follows:\r\n\r\n sudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46\r\n\r\n bMaxPacketSize = 0xff\r\n\r\n Incident Identifier: F0856C91-7616-4DAC-9907-C504401D9951\r\n CrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b\r\n Hardware Model: iPhone3,1\r\n Date/Time: 2013-09-26 12:35:46.892 +0100\r\n OS Version: iOS 7.0 (11A465)\r\n\r\n panic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1, \r\n fault_addr=0x28\r\n r0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe\r\n r4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78\r\n r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001\r\n r12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8\r\n cpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028\r\n\r\n Debugger message: panic\r\n OS version: 11A465\r\n Kernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; \r\n root:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X\r\n iBoot version: iBoot-1940.1.75\r\n secure boot?: YES\r\n Paniclog version: 1\r\n Kernel slide: 0x0000000008200000\r\n Kernel text base: 0x88201000\r\n Epoch Time: sec usec\r\n Boot : 0x52441b69 0x00000000\r\n Sleep : 0x00000000 0x00000000\r\n Wake : 0x00000000 0x00000000\r\n Calendar: 0x52441bb5 0x00056497\r\n\r\n Panicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task\r\n panicked thread: 0x8023de90, backtrace: 0x87ff3a48\r\n lr: 0x88317889 fp: 0x87ff3a7c\r\n lr: 0x883181f7 fp: 0x87ff3ab0\r\n lr: 0x882b783b fp: 0x87ff3ad4\r\n lr: 0x882220a5 fp: 0x87ff3ba0\r\n lr: 0x8821c7c4 fp: 0x87ff3d78\r\n lr: 0x88af8687 fp: 0x87ff3da8\r\n lr: 0x8828b5bd fp: 0x87ff3dd0\r\n lr: 0x889d6d29 fp: 0x87ff3df0\r\n lr: 0x889da2f3 fp: 0x87ff3e18\r\n lr: 0x8828b5bd fp: 0x87ff3e40\r\n lr: 0x889da14f fp: 0x87ff3e7c\r\n lr: 0x88acb8e7 fp: 0x87ff3eb8\r\n lr: 0x88ac9815 fp: 0x87ff3ed4\r\n lr: 0x884b24d3 fp: 0x87ff3f60\r\n lr: 0x882cf869 fp: 0x87ff3fa8\r\n lr: 0x8821f05c fp: 0x00000000\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Fix Information\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n A patch can be downloaded from the following location:\r\n http://support.apple.com/kb/HT1222\r\n \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n NCC Group\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Research https://www.nccgroup.com/research\r\n Twitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec\r\n Open Source https://github.com/nccgroup\r\n Blog https://www.nccgroup.com/en/blog/cyber-security/\r\n SlideShare http://www.slideshare.net/NCC_Group/\r\n\r\n\r\nFor more information please visit <a href="http://www.mimecast.com">http://www.mimecast.com<br>\r\nThis email message has been delivered safely and archived online by Mimecast.\n ", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-85627"}, {"lastseen": "2017-11-19T17:38:11", "description": "Bugtraq ID:65781\r\nCVE ID:CVE-2014-1270\r\n\r\nWebKit\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6d4f\u89c8\u5668\u5f15\u64ce\u3002\r\n\r\nApple Safari 6.1.2\u548c7.0.2\u4e4b\u524d\u7248\u672c\u6240\u4f7f\u7528\u7684WebKit\u5b58\u5728\u4e00\u4e2a\u672a\u660e\u7684\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u7279\u5236\u7684HTML\uff0c\u8bf1\u4f7f\u7528\u6237\u76ee\u6807\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nMac OS X Lion v10.7.5\r\nMac OS X Lion Server v10.7.5\r\nMac OS X Mountain Lion v10.8.5\r\nMac OS X Mavericks v10.9.1\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\nApple Safari 6.1.2\u548c7.0.2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.apple.com", "published": "2014-02-27T00:00:00", "type": "seebug", "title": "WebKit\u672a\u660e\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1270"], "modified": "2014-02-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61577", "id": "SSV:61577", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:33:38", "description": "Bugtraq ID:65780\r\nCVE ID:CVE-2014-1269\r\n\r\nWebKit\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6d4f\u89c8\u5668\u5f15\u64ce\u3002\r\n\r\nApple Safari 6.1.2\u548c7.0.2\u4e4b\u524d\u7248\u672c\u6240\u4f7f\u7528\u7684WebKit\u5b58\u5728\u4e00\u4e2a\u672a\u660e\u7684\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u7279\u5236\u7684HTML\uff0c\u8bf1\u4f7f\u7528\u6237\u76ee\u6807\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nMac OS X Lion v10.7.5\r\nMac OS X Lion Server v10.7.5\r\nMac OS X Mountain Lion v10.8.5\r\nMac OS X Mavericks v10.9.1\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApple\r\n-----\r\nApple Safari 6.1.2\u548c7.0.2\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.apple.com", "published": "2014-02-27T00:00:00", "type": "seebug", "title": "WebKit\u672a\u660e\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1269"], "modified": "2014-02-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61578", "id": "SSV:61578", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-07-17T14:28:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5228", "CVE-2013-5197", "CVE-2013-5196", "CVE-2013-5225", "CVE-2013-5198", "CVE-2013-5199", "CVE-2013-5195", "CVE-2013-5227"], "description": "This host is installed with Apple Safari and is prone to multiple\nvulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2013-12-24T00:00:00", "id": "OPENVAS:1361412562310804177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804177", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804177\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2013-5195\", \"CVE-2013-5196\", \"CVE-2013-5197\", \"CVE-2013-5198\",\n \"CVE-2013-5199\", \"CVE-2013-5225\", \"CVE-2013-5227\", \"CVE-2013-5228\");\n script_bugtraq_id(64356, 64353, 64358, 64359, 64361, 64360, 64355, 64362);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-12-24 11:34:57 +0530 (Tue, 24 Dec 2013)\");\n script_name(\"Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)\");\n\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow local users to obtain sensitive user\ninformation, application termination or arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"Apple Safari before version 6.1.1 and 7.x before version 7.0.1 on Mac OS X\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Unspecified memory corruption issues within webkit.\n\n - An error related to origin tracking that can be exploited to autofill a form.\n\n - A use-after-free error exists within webkit.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 6.1.1 or 7.0.1 or later.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6082\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56122\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/124511\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"6.1.1\") ||\n version_in_range(version:safVer, test_version:\"7.0\", test_version2:\"7.0.0\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:28:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1270", "CVE-2014-1268", "CVE-2014-1269"], "description": "This host is installed with Apple Safari and is prone to multiple\nvulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2014-03-03T00:00:00", "id": "OPENVAS:1361412562310804319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804319", "type": "openvas", "title": "Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804319\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2014-1268\", \"CVE-2014-1269\", \"CVE-2014-1270\");\n script_bugtraq_id(65778, 65780, 65781);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-03 16:56:35 +0530 (Mon, 03 Mar 2014)\");\n script_name(\"Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws exists in Apple Safari WebKit due to improper handling of\nmemory.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct arbitrary code\nexecution or denial of service.\");\n script_tag(name:\"affected\", value:\"Apple Safari before version 6.1.2 and 7.x before version 7.0.2 on Mac OS X.\");\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 6.1.2 or 7.0.2 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT6145\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57093\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/125428/Apple-Security-Advisory-2014-02-25-2.html\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"6.1.2\") ||\n version_in_range(version:safVer, test_version:\"7.0\", test_version2:\"7.0.1\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-23T00:00:00", "id": "OPENVAS:1361412562310804115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804115", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Oct2013 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Oct2013 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804115\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2928\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\");\n script_bugtraq_id(63024, 63026, 63028, 63025);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-23 15:30:38 +0530 (Wed, 23 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Oct2013 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.101 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the HTMLFormElement 'prepareForSubmission'\nfunction in core/html/HTMLFormElement.cpp.\n\n - Use-after-free vulnerability in the IndentOutdentCommand\n'tryIndentingAsListItem' function in core/editing/IndentOutdentCommand.cpp.\n\n - Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp.\n\n - Another unspecified error.\");\n script_tag(name:\"affected\", value:\"Google Chrome before 30.0.1599.101\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice or possibly have other impact via vectors related to submission\nfor FORM elements, vectors related to list elements, vectors that trigger\nmultiple conflicting uses of the same XMLHttpRequest object or via unknown\nvectors.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/63025\");\n script_xref(name:\"URL\", value:\"http://en.securitylab.ru/nvd/446283.php\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/10/stable-channel-update_15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.101\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.101\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-23T00:00:00", "id": "OPENVAS:1361412562310804114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804114", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Oct2013 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Oct2013 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804114\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2928\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\");\n script_bugtraq_id(63024, 63026, 63028, 63025);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-23 14:30:38 +0530 (Wed, 23 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Oct2013 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.101 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the HTMLFormElement 'prepareForSubmission'\nfunction in core/html/HTMLFormElement.cpp.\n\n - Use-after-free vulnerability in the IndentOutdentCommand\n'tryIndentingAsListItem' function in core/editing/IndentOutdentCommand.cpp.\n\n - Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp.\n\n - Another unspecified error.\");\n script_tag(name:\"affected\", value:\"Google Chrome before 30.0.1599.101\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice or possibly have other impact via vectors related to submission\nfor FORM elements, vectors related to list elements, vectors that trigger\nmultiple conflicting uses of the same XMLHttpRequest object or via unknown\nvectors.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/63025\");\n script_xref(name:\"URL\", value:\"http://en.securitylab.ru/nvd/446283.php\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/10/stable-channel-update_15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.101\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.101\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-23T19:05:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "description": "This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.", "modified": "2020-04-21T00:00:00", "published": "2013-10-23T00:00:00", "id": "OPENVAS:1361412562310804116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804116", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities-02 Oct2013 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities-02 Oct2013 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804116\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2013-2928\", \"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\");\n script_bugtraq_id(63024, 63026, 63028, 63025);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-23 16:00:38 +0530 (Wed, 23 Oct 2013)\");\n script_name(\"Google Chrome Multiple Vulnerabilities-02 Oct2013 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Google Chrome and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 30.0.1599.101 or later.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Use-after-free vulnerability in the HTMLFormElement 'prepareForSubmission'\nfunction in core/html/HTMLFormElement.cpp.\n\n - Use-after-free vulnerability in the IndentOutdentCommand\n'tryIndentingAsListItem' function in core/editing/IndentOutdentCommand.cpp.\n\n - Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp.\n\n - Another unspecified error.\");\n script_tag(name:\"affected\", value:\"Google Chrome before 30.0.1599.101\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause a denial of\nservice or possibly have other impact via vectors related to submission\nfor FORM elements, vectors related to list elements, vectors that trigger\nmultiple conflicting uses of the same XMLHttpRequest object or via unknown\nvectors.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/63025\");\n script_xref(name:\"URL\", value:\"http://en.securitylab.ru/nvd/446283.php\");\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2013/10/stable-channel-update_15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"30.0.1599.101\"))\n{\n report = report_fixed_ver(installed_version:chromeVer, fixed_version:\"30.0.1599.101\");\n security_message(port: 0, data: report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:08:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2931", "CVE-2013-2926", "CVE-2013-6631", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2927", "CVE-2013-6632", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "Check for the Version of chromium", "modified": "2018-01-17T00:00:00", "published": "2013-12-03T00:00:00", "id": "OPENVAS:850556", "href": "http://plugins.openvas.org/nasl.php?oid=850556", "type": "openvas", "title": "SuSE Update for chromium openSUSE-SU-2013:1776-1 (chromium)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_1776_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# SuSE Update for chromium openSUSE-SU-2013:1776-1 (chromium)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850556);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-03 14:47:17 +0530 (Tue, 03 Dec 2013)\");\n script_cve_id(\"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\",\n \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\",\n \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\",\n \"CVE-2013-6628\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\",\n \"CVE-2013-6632\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for chromium openSUSE-SU-2013:1776-1 (chromium)\");\n\n tag_insight = \"\n Security and bugfix update to Chromium 31.0.1650.57\n\n - Update to Chromium 31.0.1650.57:\n - Security Fixes:\n * CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n - Security fixes:\n * CVE-2013-6621: Use after free related to speech input\n elements..\n * CVE-2013-6622: Use after free related to media\n elements.\n * CVE-2013-6623: Out of bounds read in SVG.\n * CVE-2013-6624: Use after free related to id\n attribute strings.\n * CVE-2013-6625: Use after free in DOM ranges.\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n * CVE-2013-6631: Use after free in libjingle.\n\n - Stable Channel update: fix build for 32bit systems\n\n - Update to Chromium 30.0.1599.101\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n - Enable ARM build for Chromium.\";\n\n tag_affected = \"chromium on openSUSE 12.3\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:1776_1\");\n script_tag(name: \"summary\" , value: \"Check for the Version of chromium\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-31T18:41:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2931", "CVE-2013-2926", "CVE-2013-6631", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2927", "CVE-2013-6632", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2013-12-03T00:00:00", "id": "OPENVAS:1361412562310850556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850556", "type": "openvas", "title": "openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1776-1)", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850556\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-12-03 14:47:17 +0530 (Tue, 03 Dec 2013)\");\n script_cve_id(\"CVE-2013-2925\", \"CVE-2013-2926\", \"CVE-2013-2927\", \"CVE-2013-2928\",\n \"CVE-2013-2931\", \"CVE-2013-6621\", \"CVE-2013-6622\", \"CVE-2013-6623\",\n \"CVE-2013-6624\", \"CVE-2013-6625\", \"CVE-2013-6626\", \"CVE-2013-6627\",\n \"CVE-2013-6628\", \"CVE-2013-6629\", \"CVE-2013-6630\", \"CVE-2013-6631\",\n \"CVE-2013-6632\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for chromium (openSUSE-SU-2013:1776-1)\");\n\n script_tag(name:\"affected\", value:\"chromium on openSUSE 12.3\");\n\n script_tag(name:\"insight\", value:\"Security and bugfix update to Chromium 31.0.1650.57\n\n - Update to Chromium 31.0.1650.57:\n\n - Security Fixes:\n\n * CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n\n - Security fixes:\n\n * CVE-2013-6621: Use after free related to speech input\n elements..\n\n * CVE-2013-6622: Use after free related to media\n elements.\n\n * CVE-2013-6623: Out of bounds read in SVG.\n\n * CVE-2013-6624: Use after free related to id\n attribute strings.\n\n * CVE-2013-6625: Use after free in DOM ranges.\n\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n\n * CVE-2013-6631: Use after free in libjingle.\n\n - Stable Channel update: fix build for 32bit systems\n\n - Update to Chromium 30.0.1599.101\n\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n\n - Enable ARM build for Chromium.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:1776-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'chromium'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.3\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper\", rpm:\"chromium-suid-helper~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-suid-helper-debuginfo\", rpm:\"chromium-suid-helper-debuginfo~31.0.1650.57~1.17.1\", rls:\"openSUSE12.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6629"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310881844", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881844", "type": "openvas", "title": "CentOS Update for libjpeg CESA-2013:1804 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libjpeg CESA-2013:1804 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881844\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 12:00:02 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6629\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"CentOS Update for libjpeg CESA-2013:1804 centos5\");\n\n script_tag(name:\"affected\", value:\"libjpeg on CentOS 5\");\n script_tag(name:\"insight\", value:\"The libjpeg package contains a library of functions for manipulating JPEG\nimages. It also contains simple client programs for accessing the\nlibjpeg functions.\n\nAn uninitialized memory read issue was found in the way libjpeg decoded\nimages with missing Start Of Scan (SOS) JPEG markers. A remote attacker\ncould create a specially crafted JPEG image that, when decoded, could\npossibly lead to a disclosure of potentially sensitive information.\n(CVE-2013-6629)\n\nAll libjpeg users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2013:1804\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-December/020053.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libjpeg'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libjpeg\", rpm:\"libjpeg~6b~38\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjpeg-devel\", rpm:\"libjpeg-devel~6b~38\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-24T11:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6629"], "description": "Check for the Version of libjpeg", "modified": "2018-01-24T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:871090", "href": "http://plugins.openvas.org/nasl.php?oid=871090", "type": "openvas", "title": "RedHat Update for libjpeg RHSA-2013:1804-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libjpeg RHSA-2013:1804-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871090);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:52:33 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6629\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"RedHat Update for libjpeg RHSA-2013:1804-01\");\n\n tag_insight = \"The libjpeg package contains a library of functions for manipulating JPEG\nimages. It also contains simple client programs for accessing the\nlibjpeg functions.\n\nAn uninitialized memory read issue was found in the way libjpeg decoded\nimages with missing Start Of Scan (SOS) JPEG markers. A remote attacker\ncould create a specially crafted JPEG image that, when decoded, could\npossibly lead to a disclosure of potentially sensitive information.\n(CVE-2013-6629)\n\nAll libjpeg users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\";\n\n tag_affected = \"libjpeg on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1804-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-December/msg00012.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of libjpeg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libjpeg\", rpm:\"libjpeg~6b~38\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjpeg-debuginfo\", rpm:\"libjpeg-debuginfo~6b~38\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libjpeg-devel\", rpm:\"libjpeg-devel~6b~38\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-01-08T13:50:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6629"], "description": "This host is missing an important security\n update according to Microsoft KB4014652.", "modified": "2019-12-20T00:00:00", "published": "2017-04-12T00:00:00", "id": "OPENVAS:1361412562310810846", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810846", "type": "openvas", "title": "Microsoft Windows libjpeg Information Disclosure Vulnerability (KB4014652)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows libjpeg Information Disclosure Vulnerability (KB4014652)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810846\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2013-6629\");\n script_bugtraq_id(63676);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-04-12 10:35:10 +0530 (Wed, 12 Apr 2017)\");\n script_name(\"Microsoft Windows libjpeg Information Disclosure Vulnerability (KB4014652)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4014652.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The open-source libjpeg image-processing\n library where it fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information that could lead to an Address Space Layout Randomization\n (ASLR) bypass. An attacker who successfully exploited this vulnerability could\n cause information to be disclosed that could allow for bypassing the ASLR security\n feature that protects users from a broad class of vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Vista x32/x64 Edition Service Pack 2\n\n - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4014652\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win2008:3, winVistax64:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nqzVer = fetch_file_version(sysPath:sysPath, file_name:\"Quartz.dll\");\nif(!qzVer){\n exit(0);\n}\n\nif(hotfix_check_sp(winVista:3, winVistax64:3, win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:qzVer, test_version:\"6.6.6002.19747\"))\n {\n Vulnerable_range = \"Less than 6.6.6002.19747\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:qzVer, test_version:\"6.6.6002.24000\", test_version2:\"6.6.6002.24069\"))\n {\n Vulnerable_range = \"6.6.6002.24000 - 6.6.6002.24069\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\Quartz.dll\" + '\\n' +\n 'File version: ' + qzVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2020-12-09T19:52:46", "description": "Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5227", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5227"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5227", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5228", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5228"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/o:apple:tvos:6.0.2", "cpe:/o:apple:iphone_os:7.0.6", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:itunes:12.0", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5228", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:48", "description": "Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree, related to CompositeEditCommand.cpp and ReplaceSelectionCommand.cpp.", "edition": 5, "cvss3": {}, "published": "2013-12-07T00:55:00", "title": "CVE-2013-6635", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6635"], "modified": "2016-12-08T03:04:00", "cpe": ["cpe:/a:google:chrome:31.0.1650.23", "cpe:/a:google:chrome:31.0.1650.9", "cpe:/a:google:chrome:31.0.1650.30", "cpe:/a:google:chrome:31.0.1650.20", "cpe:/a:google:chrome:31.0.1650.34", "cpe:/a:google:chrome:31.0.1650.10", "cpe:/a:google:chrome:31.0.1650.54", "cpe:/a:google:chrome:31.0.1650.26", "cpe:/a:google:chrome:31.0.1650.31", "cpe:/a:google:chrome:31.0.1650.17", "cpe:/a:google:chrome:31.0.1650.42", "cpe:/a:google:chrome:31.0.1650.37", "cpe:/a:google:chrome:31.0.1650.2", "cpe:/a:google:chrome:31.0.1650.27", "cpe:/a:google:chrome:31.0.1650.35", "cpe:/a:google:chrome:31.0.1650.41", "cpe:/a:google:chrome:31.0.1650.61", "cpe:/a:google:chrome:31.0.1650.0", "cpe:/a:google:chrome:31.0.1650.8", "cpe:/a:google:chrome:31.0.1650.7", "cpe:/a:google:chrome:31.0.1650.18", "cpe:/a:google:chrome:31.0.1650.3", "cpe:/a:google:chrome:31.0.1650.48", "cpe:/a:google:chrome:31.0.1650.46", "cpe:/a:google:chrome:31.0.1650.53", "cpe:/a:google:chrome:31.0.1650.16", "cpe:/a:google:chrome:31.0.1650.62", "cpe:/a:google:chrome:31.0.1650.15", "cpe:/a:google:chrome:31.0.1650.33", "cpe:/a:google:chrome:31.0.1650.12", "cpe:/a:google:chrome:31.0.1650.39", "cpe:/a:google:chrome:31.0.1650.32", "cpe:/a:google:chrome:31.0.1650.13", "cpe:/a:google:chrome:31.0.1650.45", "cpe:/a:google:chrome:31.0.1650.55", "cpe:/a:google:chrome:31.0.1650.6", "cpe:/a:google:chrome:31.0.1650.5", "cpe:/a:google:chrome:31.0.1650.4", "cpe:/a:google:chrome:31.0.1650.25", "cpe:/a:google:chrome:31.0.1650.14", "cpe:/a:google:chrome:31.0.1650.43", "cpe:/a:google:chrome:31.0.1650.11", "cpe:/a:google:chrome:31.0.1650.36", "cpe:/a:google:chrome:31.0.1650.49", "cpe:/a:google:chrome:31.0.1650.50", "cpe:/a:google:chrome:31.0.1650.38", "cpe:/a:google:chrome:31.0.1650.52", "cpe:/a:google:chrome:31.0.1650.29", "cpe:/a:google:chrome:31.0.1650.51", "cpe:/a:google:chrome:31.0.1650.47", "cpe:/a:google:chrome:31.0.1650.19", "cpe:/a:google:chrome:31.0.1650.60", "cpe:/a:google:chrome:31.0.1650.58", "cpe:/a:google:chrome:31.0.1650.57", "cpe:/a:google:chrome:31.0.1650.44", "cpe:/a:google:chrome:31.0.1650.59", "cpe:/a:google:chrome:31.0.1650.22", "cpe:/a:google:chrome:31.0.1650.28"], "id": "CVE-2013-6635", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6635", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.59:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.60:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.55:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.61:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.54:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.58:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.57:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.53:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.62:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5197", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5197"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/o:apple:tvos:6.0.2", "cpe:/o:apple:iphone_os:7.0.6", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:itunes:12.0", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5197", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:48", "description": "Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM range objects in circumstances that require child node removal after a (1) mutation or (2) blur event.", "edition": 5, "cvss3": {}, "published": "2013-11-13T15:55:00", "title": "CVE-2013-6625", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6625"], "modified": "2017-09-19T01:36:00", "cpe": ["cpe:/a:google:chrome:31.0.1650.23", "cpe:/a:google:chrome:31.0.1650.9", "cpe:/a:google:chrome:31.0.1650.30", "cpe:/a:google:chrome:31.0.1650.20", "cpe:/a:google:chrome:31.0.1650.34", "cpe:/a:google:chrome:31.0.1650.10", "cpe:/a:google:chrome:31.0.1650.26", "cpe:/a:google:chrome:31.0.1650.31", "cpe:/a:google:chrome:31.0.1650.17", "cpe:/a:google:chrome:31.0.1650.42", "cpe:/a:google:chrome:31.0.1650.37", "cpe:/a:google:chrome:31.0.1650.2", "cpe:/a:google:chrome:31.0.1650.27", "cpe:/a:google:chrome:31.0.1650.35", "cpe:/a:google:chrome:31.0.1650.41", "cpe:/a:google:chrome:31.0.1650.0", "cpe:/a:google:chrome:31.0.1650.8", "cpe:/a:google:chrome:31.0.1650.7", "cpe:/a:google:chrome:31.0.1650.18", "cpe:/a:google:chrome:31.0.1650.3", "cpe:/a:google:chrome:31.0.1650.46", "cpe:/a:google:chrome:31.0.1650.16", "cpe:/a:google:chrome:31.0.1650.15", "cpe:/a:google:chrome:31.0.1650.33", "cpe:/a:google:chrome:31.0.1650.12", "cpe:/a:google:chrome:31.0.1650.39", "cpe:/a:google:chrome:31.0.1650.32", "cpe:/a:google:chrome:31.0.1650.13", "cpe:/a:google:chrome:31.0.1650.45", "cpe:/a:google:chrome:31.0.1650.6", "cpe:/a:google:chrome:31.0.1650.5", "cpe:/a:google:chrome:31.0.1650.4", "cpe:/a:google:chrome:31.0.1650.25", "cpe:/a:google:chrome:31.0.1650.14", "cpe:/a:google:chrome:31.0.1650.43", "cpe:/a:google:chrome:31.0.1650.11", "cpe:/a:google:chrome:31.0.1650.36", "cpe:/a:google:chrome:31.0.1650.38", "cpe:/a:google:chrome:31.0.1650.29", "cpe:/a:google:chrome:31.0.1650.47", "cpe:/a:google:chrome:31.0.1650.19", "cpe:/a:google:chrome:31.0.1650.44", "cpe:/a:google:chrome:31.0.1650.22", "cpe:/a:google:chrome:31.0.1650.28"], "id": "CVE-2013-6625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6625", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5196", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5196"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/o:apple:tvos:6.0.2", "cpe:/o:apple:iphone_os:7.0.6", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:itunes:12.0", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5196", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5199", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5199"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/o:apple:tvos:6.0.2", "cpe:/o:apple:iphone_os:7.0.6", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:itunes:12.0", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5199", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5199", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.", "edition": 5, "cvss3": {}, "published": "2013-12-18T16:04:00", "title": "CVE-2013-5198", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5198"], "modified": "2019-03-08T16:06:00", "cpe": ["cpe:/a:apple:safari:7.0", "cpe:/a:apple:safari:6.0.5", "cpe:/o:apple:tvos:6.0.2", "cpe:/o:apple:iphone_os:7.0.6", "cpe:/a:apple:webkit:*", "cpe:/a:apple:safari:6.0.4", "cpe:/a:apple:safari:6.0", "cpe:/a:apple:safari:6.0.2", "cpe:/a:apple:safari:6.1", "cpe:/a:apple:itunes:12.0", "cpe:/a:apple:safari:6.0.1", "cpe:/a:apple:safari:6.0.3"], "id": "CVE-2013-5198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:49", "description": "TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.", "edition": 5, "cvss3": {}, "published": "2014-03-14T10:55:00", "title": "CVE-2013-6835", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6835"], "modified": "2017-01-07T02:59:00", "cpe": ["cpe:/o:apple:iphone_os:7.0.6", "cpe:/o:apple:iphone_os:7.0", "cpe:/o:apple:iphone_os:7.0.5", "cpe:/o:apple:iphone_os:7.0.1", "cpe:/o:apple:iphone_os:7.0.4", "cpe:/o:apple:iphone_os:7.0.3", "cpe:/o:apple:iphone_os:7.0.2"], "id": "CVE-2013-6835", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6835", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:46", "description": "Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.", "edition": 5, "cvss3": {}, "published": "2014-03-14T10:55:00", "title": "CVE-2013-5133", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5133"], "modified": "2014-03-14T16:40:00", "cpe": ["cpe:/o:apple:iphone_os:7.0.6", "cpe:/o:apple:iphone_os:7.0", "cpe:/o:apple:iphone_os:7.0.5", "cpe:/o:apple:iphone_os:7.0.1", "cpe:/o:apple:iphone_os:7.0.4", "cpe:/o:apple:iphone_os:7.0.3", "cpe:/o:apple:iphone_os:7.0.2"], "id": "CVE-2013-5133", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5133", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2018-10-06T22:59:39", "bulletinFamily": "info", "cvelist": ["CVE-2013-2909", "CVE-2013-5195", "CVE-2013-5196", "CVE-2013-5227", "CVE-2013-5228"], "description": "Apple updated its Mac OS X Mavericks platform yesterday with a number of security fixes for the Safari browser and WebKit layout engine.\n\nThe operating system update will move users to [OS X Mavericks version 10.9.1](<http://support.apple.com/kb/HT6084>). It appears that the broad operating system release is merely a repackaging of [a bulletin fixing a single vulnerability in Apple\u2019s Safari browser and a second bulletin addressing eight vulnerabilities in the Cupertino, California-based company\u2019s WebKit rendering engine](<http://support.apple.com/kb/HT6082>).\n\nThe Safari patch fixes CVE-2013-5227, which was reported to Apple by Niklas Malmgren, a front-end developer for the mobile payments firm Klarna AB. The vulnerability relates to a bug in Safari\u2019s autofill feature that was pushing usernames and passwords into a subframe from a domain separate from the main frame containing the field where such information should have been entered. In other words, the Safari browser was leaking user credentials to an unexpected site with its autofill feature. Apple fixed the problem by improving the browser\u2019s origin tracking system.\n\nThe WebKit bulletin resolves CVE-2013-2909, reported by Atte Kettunen of the Oulu University Secure Programming Group, CVE-2013-5196, 5917, and 5225, reported by the Google Chrome security team, CVE-2013-5228, reported by the Keen Team working alongside H-P\u2019s Zero-Day Initiative, and CVE-2013-5195,5198, and 5199, each of which was reported internally by Apple. The vulnerabilities represent a series of memory corruption flaws in the WebKit layout engine. These vulnerabilities can be exploited on unpatched machines if users visit a maliciously crafted site, which can in turn lead to unexpected application termination or arbitrary code execution. They resolved these issues by implementing better memory handling.\n", "modified": "2013-12-17T16:45:10", "published": "2013-12-17T11:45:10", "id": "THREATPOST:9BAC5755415C910E301217E17E3133BC", "href": "https://threatpost.com/apple-os-x-mavericks-update-patches-safari-webkit/103215/", "type": "threatpost", "title": "Apple Fixes Security in WebKit, SAfari", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-06T22:59:06", "bulletinFamily": "info", "cvelist": ["CVE-2014-1289"], "description": "Apple has updated its Safari browser, dropping a pile of security fixes that patch more than 25 vulnerabilities in the WebKit framework.\n\nMany of the [vulnerabilities Apple repaired in Safari](<http://support.apple.com/kb/HT6181?viewlocale=en_US&locale=en_US>) can lead to remote code execution, depending upon the attack vector. There are a number of use-after-free vulnerabilities fixed in WebKit, along with some buffer overflows and other memory corruption issues. One of the vulnerabilities, CVE-2014-1289, for example, allows remote code execution.\n\n\u201cWebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site,\u201d the vulnerability description says.\n\nThat flaw was fixed in iOS and other products earlier this year but Apple just released the fix for Safari on Monday. Along with the 25 memory corruption vulnerabilities the company fixed, it also pushed out a patch for a separate issue in Safari that could enable an attacker to read arbitrary files on a user\u2019s machine.\n\n\u201cAn attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions. A logic issue existed in the handling of IPC messages from the WebProcess. This issue was addressed through additional validation of IPC messages,\u201d the Apple advisory says.\n\nMore than half of the WebKit flaws fixed in Safari 6.1.3 and 7.0.3 were discovered by the Google security team, which isn\u2019t unusual. Google Chrome uses the WebKit framework, too, and the company\u2019s security team is constantly looking for new vulnerabilities in it.\n", "modified": "2014-04-02T18:01:13", "published": "2014-04-02T07:20:27", "id": "THREATPOST:ABEA11AE947E374781FDDE1B4D657A2A", "href": "https://threatpost.com/apple-fixes-more-than-25-flaws-in-safari/105197/", "type": "threatpost", "title": "Apple Fixes More Than 25 Flaws in Safari", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2019-04-30T18:21:24", "bulletinFamily": "software", "cvelist": ["CVE-2013-6629"], "description": "\nF5 Product Development has assigned ID 440213 (BIG-IP), ID 572613 (BIG-IQ), and ID 572614 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H59503294 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP DNS| 12.0.0| 12.1.0| Low| libjpeg-turbo* \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| libjpeg \nlibjpeg-turbo* \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| libjpeg \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| libjpeg \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| libjpeg \nBIG-IQ ADC| 4.5.0| None| Low| libjpeg \nBIG-IQ Centralized Management| 4.6.0| None| Low| libjpeg \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| libjpeg \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n*The libjpeg-turbo package is installed on the BIG-IP system starting with version 12.0.0. BIG-IP versions prior to 12.0.0 only contain the libjpeg package.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "edition": 1, "modified": "2017-04-12T17:06:00", "published": "2016-02-19T11:29:00", "id": "F5:K59503294", "href": "https://support.f5.com/csp/article/K59503294", "title": "libjpeg vulnerability CVE-2013-6629", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:18", "bulletinFamily": "software", "cvelist": ["CVE-2013-6629"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity **values published in the previous table. The **Severity **values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n", "modified": "2016-05-23T00:00:00", "published": "2016-02-19T00:00:00", "id": "SOL59503294", "href": "http://support.f5.com/kb/en-us/solutions/public/k/59/sol59503294.html", "type": "f5", "title": "SOL59503294 - libjpeg vulnerability CVE-2013-6629", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:00", "bulletinFamily": "software", "cvelist": ["CVE-2012-1173", "CVE-2012-2088"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, or does not list a version that is later than the version you are currently running, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-01-29T00:00:00", "published": "2014-11-25T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15863.html", "id": "SOL15863", "title": "SOL15863 - Libtiff vulnerabilities CVE-2012-1173 and CVE-2012-2088", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "symantec": [{"lastseen": "2018-03-14T22:43:09", "bulletinFamily": "software", "cvelist": ["CVE-2013-6629"], "description": "### Description\n\nlibjpeg and libjpeg-turbo libraries are prone to a memory-corruption vulnerability. Attackers can exploit this issue to bypass Address Space Layout Randomization (ASLR) protection mechanisms of applications. This may aid in further attacks that may lead to arbitrary code execution.\n\n### Technologies Affected\n\n * Apple Apple TV 1.0 \n * Apple Apple TV 1.1.0 \n * Apple Apple TV 2.0.0 \n * Apple Apple TV 2.0.1 \n * Apple Apple TV 2.0.2 \n * Apple Apple TV 2.1 \n * Apple Apple TV 2.2.0 \n * Apple Apple TV 2.3.0 \n * Apple Apple TV 2.3.1 \n * Apple Apple TV 2.4.0 \n * Apple Apple TV 3.0.0 \n * Apple Apple TV 3.0.1 \n * Apple Apple TV 3.0.2 \n * Apple Apple TV 4.0 \n * Apple Apple TV 4.1 \n * Apple Apple TV 4.1.0 \n * Apple Apple TV 4.1.1 \n * Apple Apple TV 4.2 \n * Apple Apple TV 4.2.0 \n * Apple Apple TV 4.2.1 \n * Apple Apple TV 4.2.2 \n * Apple Apple TV 4.3 \n * Apple Apple TV 4.3.0 \n * Apple Apple TV 4.4 \n * Apple Apple TV 4.4.0 \n * Apple Apple TV 4.4.2 \n * Apple Apple TV 4.4.3 \n * Apple Apple TV 4.4.4 \n * Apple Apple TV 5.0 \n * Apple Apple TV 5.0.0 \n * Apple Apple TV 5.0.1 \n * Apple Apple TV 5.0.2 \n * Apple Apple TV 5.1 \n * Apple Apple TV 5.1.0 \n * Apple Apple TV 5.1.1 \n * Apple Apple TV 5.2 \n * Apple Apple TV 5.2.1 \n * Apple Apple TV 6.0 \n * Apple Apple TV 6.0.1 \n * Apple Apple TV 6.0.2 \n * Apple Mac OS X 10.7.5 \n * Apple Mac OS X 10.8.5 \n * Apple Mac OS X 10.9 \n * Apple Mac OS X 10.9.1 \n * Apple Mac OS X Server 10.7.5 \n * Apple iOS 2.0 \n * Apple iOS 2.1 \n * Apple iOS 3.0 \n * Apple iOS 3.1 \n * Apple iOS 3.2 \n * Apple iOS 3.2.1 \n * Apple iOS 3.2.2 \n * Apple iOS 4 \n * Apple iOS 4.0.1 \n * Apple iOS 4.0.2 \n * Apple iOS 4.1 \n * Apple iOS 4.2 \n * Apple iOS 4.2 beta \n * Apple iOS 4.2.1 \n * Apple iOS 4.2.10 \n * Apple iOS 4.2.5 \n * Apple iOS 4.2.6 \n * Apple iOS 4.2.7 \n * Apple iOS 4.2.8 \n * Apple iOS 4.2.9 \n * Apple iOS 4.3 \n * Apple iOS 4.3.1 \n * Apple iOS 4.3.2 \n * Apple iOS 4.3.3 \n * Apple iOS 4.3.4 \n * Apple iOS 4.3.5 \n * Apple iOS 5 \n * Apple iOS 5.0.1 \n * Apple iOS 5.1 \n * Apple iOS 5.1.1 \n * Apple iOS 6 \n * Apple iOS 6 Beta 4 \n * Apple iOS 6 for Developer \n * Apple iOS 6.0.1 \n * Apple iOS 6.0.2 \n * Apple iOS 6.1 \n * Apple iOS 6.1.3 \n * Apple iOS 6.1.4 \n * Apple iOS 6.1.6 \n * Apple iOS 6.3.1 \n * Apple iOS 7 \n * Apple iOS 7.0.1 \n * Apple iOS 7.0.2 \n * Apple iOS 7.0.3 \n * Apple iOS 7.0.4 \n * Apple iOS 7.0.6 \n * Apple iPad \n * Apple iPhone 4.0 \n * Apple iPhone 5.1 \n * Apple iPod Touch \n * Avant Browser Avant Browser 2013 build 115 \n * Avant Force Avant Browser 2013 build 117 \n * Avant Force Avant Browser 2013 build 118 \n * Avant Force Avant Browser 2013 build 119 \n * Avaya Aura Application Enablement Services 5.0 \n * Avaya Aura Application Enablement Services 5.2 \n * Avaya Aura Application Enablement Services 5.2.1 \n * Avaya Aura Application Enablement Services 5.2.2 \n * Avaya Aura Application Enablement Services 5.2.3 \n * Avaya Aura Application Enablement Services 5.2.4 \n * Avaya Aura Application Enablement Services 6.0 \n * Avaya Aura Application Enablement Services 6.1 \n * Avaya Aura Application Enablement Services 6.1.1 \n * Avaya Aura Application Enablement Services 6.1.2 \n * Avaya Aura Application Enablement Services 6.2 \n * Avaya Aura Application Server 5300 SIP Core 2.0 \n * Avaya Aura Application Server 5300 SIP Core 2.1 \n * Avaya Aura Application Server 5300 SIP Core 3.0 \n * Avaya Aura Collaboration Environment 2.0 \n * Avaya Aura Communication Manager 5.2 \n * Avaya Aura Communication Manager 5.2.1 \n * Avaya Aura Communication Manager Utility Services 1.1 \n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.2.4.0.15 \n * Avaya Aura Communication Manager Utility Services 6.2.5.0.15 \n * Avaya Aura Communication Manager Utility Services 6.3 \n * Avaya Aura Conferencing 6.0 SP1 Standard \n * Avaya Aura Conferencing 6.0 Standard \n * Avaya Aura Conferencing 7.0 \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura Experience Portal 7.0 \n * Avaya Aura Messaging 6.0 \n * Avaya Aura Messaging 6.0.1 \n * Avaya Aura Messaging 6.1 \n * Avaya Aura Messaging 6.1.1 \n * Avaya Aura Messaging 6.2 \n * Avaya Aura Presence Services 6.0 \n * Avaya Aura Presence Services 6.1 \n * Avaya Aura Presence Services 6.1 SP1 \n * Avaya Aura Presence Services 6.1.1 \n * Avaya Aura Presence Services 6.1.2 \n * Avaya Aura Session Manager 5.2 \n * Avaya Aura Session Manager 5.2 SP1 \n * Avaya Aura Session Manager 5.2 SP2 \n * Avaya Aura Session Manager 5.2.1 \n * Avaya Aura Session Manager 5.2.4 \n * Avaya Aura Session Manager 6.0 \n * Avaya Aura Session Manager 6.0 SP1 \n * Avaya Aura Session Manager 6.0.1 \n * Avaya Aura Session Manager 6.0.2 \n * Avaya Aura Session Manager 6.1 \n * Avaya Aura Session Manager 6.1 SP1 \n * Avaya Aura Session Manager 6.1 SP2 \n * Avaya Aura Session Manager 6.1.1 \n * Avaya Aura Session Manager 6.1.2 \n * Avaya Aura Session Manager 6.1.3 \n * Avaya Aura Session Manager 6.1.5 \n * Avaya Aura Session Manager 6.2 \n * Avaya Aura Session Manager 6.2 SP1 \n * Avaya Aura Session Manager 6.2.1 \n * Avaya Aura Session Manager 6.2.2 \n * Avaya Aura Session Manager 6.2.3 \n * Avaya Aura Session Manager 6.3 \n * Avaya Aura Session Manager 6.3.1 \n * Avaya Aura System Manager 5.2 \n * Avaya Aura System Manager 6.0 \n * Avaya Aura System Manager 6.0 SP1 \n * Avaya Aura System Manager 6.1 \n * Avaya Aura System Manager 6.1 SP1 \n * Avaya Aura System Manager 6.1 SP2 \n * Avaya Aura System Manager 6.1.1 \n * Avaya Aura System Manager 6.1.2 \n * Avaya Aura System Manager 6.1.3 \n * Avaya Aura System Manager 6.1.5 \n * Avaya Aura System Manager 6.2 \n * Avaya Aura System Manager 6.2 SP3 \n * Avaya Aura System Manager 6.2.3 \n * Avaya Aura System Manager 6.3 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 1.1 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.2.1.0.9 \n * Avaya Aura System Platform 6.2.2 \n * Avaya Aura System Platform 6.3 \n * Avaya CMS R17ac.g \n * Avaya CMS R17ac.h \n * Avaya Communication Server 1000E 6.0 \n * Avaya Communication Server 1000E 7.0 \n * Avaya Communication Server 1000E 7.5 \n * Avaya Communication Server 1000E 7.6 \n * Avaya Communication Server 1000E Signaling Server 7.0 \n * Avaya Communication Server 1000E Signaling Server 7.5 \n * Avaya Communication Server 1000M 6.0 \n * Avaya Communication Server 1000M 7.0 \n * Avaya Communication Server 1000M 7.5 \n * Avaya Communication Server 1000M 7.6 \n * Avaya Communication Server 1000M Signaling Server 7.0 \n * Avaya Communication Server 1000M Signaling Server 7.5 \n * Avaya Conferencing Standard Edition 6.0 \n * Avaya Conferencing Standard Edition 6.0.1 \n * Avaya IP Office Application Server 8.0 \n * Avaya IP Office Application Server 8.1 \n * Avaya IP Office Server Edition 8.1 \n * Avaya IQ 5 \n * Avaya IQ 5.1 \n * Avaya IQ 5.1.1 \n * Avaya IQ 5.2 \n * Avaya Meeting Exchange 6.0 \n * Avaya Meeting Exchange 6.2 \n * Avaya Messaging Application Server 5.2 \n * Avaya Messaging Application Server 5.2.1 \n * Avaya Messaging Message Storage Server 5.2.1 \n * Avaya Proactive Contact 5.0 \n * Avaya Proactive Contact 5.1 \n * Avaya Voice Portal 5.0 \n * Avaya Voice Portal 5.1 \n * Avaya Voice Portal 5.1.1 \n * Avaya Voice Portal 5.1.2 \n * Avaya Voice Portal 5.1.3 \n * Avaya one-X Client Enablement Services 6.1.1 \n * Avaya one-X Client Enablement Services 6.1.2 \n * Avaya one-X Client Enablement Services 6.2 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Debian Linux 6.0 amd64 \n * Debian Linux 6.0 arm \n * Debian Linux 6.0 ia-32 \n * Debian Linux 6.0 ia-64 \n * Debian Linux 6.0 mips \n * Debian Linux 6.0 powerpc \n * Debian Linux 6.0 s/390 \n * Debian Linux 6.0 sparc \n * Fedoraproject Fedora 18 \n * Fedoraproject Fedora 19 \n * Fedoraproject Fedora 20 \n * Gentoo Linux \n * Google Chrome 0.2.152.1 \n * Google Chrome 0.2.153.1 \n * Google Chrome 0.3.154 9 \n * Google Chrome 0.3.154.0 \n * Google Chrome 0.3.154.3 \n * Google Chrome 0.4.154.18 \n * Google Chrome 0.4.154.22 \n * Google Chrome 0.4.154.31 \n * Google Chrome 0.4.154.33 \n * Google Chrome 1.0.154.36 \n * Google Chrome 1.0.154.39 \n * Google Chrome 1.0.154.42 \n * Google Chrome 1.0.154.43 \n * Google Chrome 1.0.154.46 \n * Google Chrome 1.0.154.48 \n * Google Chrome 1.0.154.52 \n * Google Chrome 1.0.154.53 \n * Google Chrome 1.0.154.55 \n * Google Chrome 1.0.154.59 \n * Google Chrome 1.0.154.64 \n * Google Chrome 1.0.154.65 \n * Google Chrome 10 \n * Google Chrome 10.0.648.127 \n * Google Chrome 10.0.648.128 \n * Google Chrome 10.0.648.133 \n * Google Chrome 10.0.648.204 \n * Google Chrome 10.0.648.205 \n * Google Chrome 11 \n * Google Chrome 11.0.672.2 \n * Google Chrome 11.0.696.43 \n * Google Chrome 11.0.696.57 \n * Google Chrome 11.0.696.65 \n * Google Chrome 11.0.696.68 \n * Google Chrome 11.0.696.71 \n * Google Chrome 11.0.696.77 \n * Google Chrome 12 \n * Google Chrome 12.0.742.100 \n * Google Chrome 12.0.742.112 \n * Google Chrome 12.0.742.91 \n * Google Chrome 13 \n * Google Chrome 13.0.782.107 \n * Google Chrome 13.0.782.112 \n * Google Chrome 13.0.782.215 \n * Google Chrome 14 \n * Google Chrome 14.0.835.163 \n * Google Chrome 14.0.835.186 \n * Google Chrome 14.0.835.202 \n * Google Chrome 15 \n * Google Chrome 15.0.874 102 \n * Google Chrome 15.0.874.120 \n * Google Chrome 15.0.874.121 \n * Google Chrome 16 \n * Google Chrome 16.0.912.63 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.75 \n * Google Chrome 16.0.912.77 \n * Google Chrome 17 \n * Google Chrome 17.0.963.46 \n * Google Chrome 17.0.963.56 \n * Google Chrome 17.0.963.60 \n * Google Chrome 17.0.963.78 \n * Google Chrome 17.0.963.83 \n * Google Chrome 18 \n * Google Chrome 18.0.1025.142 \n * Google Chrome 18.0.1025.151 \n * Google Chrome 18.0.1025.162 \n * Google Chrome 18.0.1025.168 \n * Google Chrome 19 \n * Google Chrome 19.0.1084.21 \n * Google Chrome 19.0.1084.52 \n * Google Chrome 2.0.156.1 \n * Google Chrome 2.0.157.0 \n * Google Chrome 2.0.157.2 \n * Google Chrome 2.0.158.0 \n * Google Chrome 2.0.159.0 \n * Google Chrome 2.0.169.0 \n * Google Chrome 2.0.169.1 \n * Google Chrome 2.0.170.0 \n * Google Chrome 2.0.172 \n * Google Chrome 2.0.172.2 \n * Google Chrome 2.0.172.27 \n * Google Chrome 2.0.172.28 \n * Google Chrome 2.0.172.38 \n * Google Chrome 2.0.172.8 \n * Google Chrome 20.0.1132.23 \n * Google Chrome 20.0.1132.43 \n * Google Chrome 20.0.1132.57 \n * Google Chrome 21 \n * Google Chrome 21.0.1180.49 \n * Google Chrome 21.0.1180.50 \n * Google Chrome 21.0.1180.57 \n * Google Chrome 21.0.1180.60 \n * Google Chrome 21.0.1180.75 \n * Google Chrome 21.0.1180.79 \n * Google Chrome 21.0.1180.81 \n * Google Chrome 21.0.1180.82 \n * Google Chrome 21.0.1180.83 \n * Google Chrome 21.0.1180.89 \n * Google Chrome 22 \n * Google Chrome 22.0.1229.79 \n * Google Chrome 22.0.1229.92 \n * Google Chrome 22.0.1229.94 \n * Google Chrome 23.0.1271.64 \n * Google Chrome 23.0.1271.91 \n * Google Chrome 23.0.1271.95 \n * Google Chrome 23.0.1271.97 \n * Google Chrome 24.0.1312.52 \n * Google Chrome 24.0.1312.56 \n * Google Chrome 24.0.1312.57 \n * Google Chrome 24.0.1312.70 \n * Google Chrome 25 \n * Google Chrome 25.0.1364.152 \n * Google Chrome 25.0.1364.160 \n * Google Chrome 25.0.1364.172 \n * Google Chrome 25.0.1364.95 \n * Google Chrome 25.0.1364.97 \n * Google Chrome 25.0.1364.99 \n * Google Chrome 26.0.1410.28 \n * Google Chrome 26.0.1410.43 \n * Google Chrome 26.0.1410.46 \n * Google Chrome 26.0.1410.53 \n * Google Chrome 26.0.1410.63 \n * Google Chrome 26.0.1410.64 \n * Google Chrome 27.0.1444.3 \n * Google Chrome 27.0.1453.110 \n * Google Chrome 27.0.1453.93 \n * Google Chrome 28.0.1498.0 \n * Google Chrome 28.0.1500.53 \n * Google Chrome 28.0.1500.71 \n * Google Chrome 28.0.1500.95 \n * Google Chrome 29.0.1547.57 \n * Google Chrome 29.0.1547.76 \n * Google Chrome 3 \n * Google Chrome 3.0 Beta \n * Google Chrome 3.0.182.2 \n * Google Chrome 3.0.190.2 \n * Google Chrome 3.0.193.2 Beta \n * Google Chrome 3.0.195.2 \n * Google Chrome 3.0.195.21 \n * Google Chrome 3.0.195.25 \n * Google Chrome 3.0.195.27 \n * Google Chrome 3.0.195.36 \n * Google Chrome 3.0.195.37 \n * Google Chrome 30.0.1599.101 \n * Google Chrome 30.0.1599.66 \n * Google Chrome 4 \n * Google Chrome 5.0.306.0 \n * Google Chrome 5.0.307.1 \n * Google Chrome 5.0.308.0 \n * Google Chrome 5.0.309.0 \n * Google Chrome 5.0.313.0 \n * Google Chrome 5.0.314.0 \n * Google Chrome 5.0.315.0 \n * Google Chrome 5.0.316.0 \n * Google Chrome 5.0.317.0 \n * Google Chrome 5.0.318.0 \n * Google Chrome 5.0.319.0 \n * Google Chrome 5.0.320.0 \n * Google Chrome 5.0.321.0 \n * Google Chrome 5.0.322.0 \n * Google Chrome 5.0.323.0 \n * Google Chrome 5.0.324.0 \n * Google Chrome 5.0.325.0 \n * Google Chrome 5.0.326.0 \n * Google Chrome 6.0.397.0 \n * Google Chrome 6.0.398.0 \n * Google Chrome 6.0.399.0 \n * Google Chrome 6.0.400.0 \n * Google Chrome 6.0.408.0 \n * Google Chrome 6.0.408.1 \n * Google Chrome 7.0.497.0 \n * Google Chrome 7.0.498.0 \n * Google Chrome 7.0.499.0 \n * Google Chrome 7.0.499.1 \n * Google Chrome 7.0.500.0 \n * Google Chrome 8.0.549.0 \n * Google Chrome 8.0.551.0 \n * Google Chrome 8.0.551.1 \n * Google Chrome 8.0.552.0 \n * Google Chrome 8.0.552.1 \n * Google Chrome 8.0.552.10 \n * Google Chrome 8.0.552.100 \n * Google Chrome 8.0.552.101 \n * Google Chrome 8.0.552.102 \n * Google Chrome 8.0.552.103 \n * Google Chrome 8.0.552.104 \n * Google Chrome 8.0.552.105 \n * Google Chrome 8.0.552.11 \n * Google Chrome 8.0.552.12 \n * Google Chrome 8.0.552.13 \n * Google Chrome 8.0.552.14 \n * Google Chrome 8.0.552.15 \n * Google Chrome 8.0.552.16 \n * Google Chrome 8.0.552.17 \n * Google Chrome 8.0.552.18 \n * Google Chrome 8.0.552.19 \n * Google Chrome 8.0.552.2 \n * Google Chrome 8.0.552.20 \n * Google Chrome 8.0.552.200 \n * Google Chrome 8.0.552.201 \n * Google Chrome 8.0.552.202 \n * Google Chrome 8.0.552.203 \n * Google Chrome 8.0.552.204 \n * Google Chrome 8.0.552.205 \n * Google Chrome 8.0.552.206 \n * Google Chrome 8.0.552.207 \n * Google Chrome 8.0.552.208 \n * Google Chrome 8.0.552.209 \n * Google Chrome 8.0.552.21 \n * Google Chrome 8.0.552.210 \n * Google Chrome 8.0.552.211 \n * Google Chrome 8.0.552.212 \n * Google Chrome 8.0.552.213 \n * Google Chrome 8.0.552.214 \n * Google Chrome 8.0.552.215 \n * Google Chrome 8.0.552.216 \n * Google Chrome 8.0.552.217 \n * Google Chrome 8.0.552.218 \n * Google Chrome 8.0.552.219 \n * Google Chrome 8.0.552.220 \n * Google Chrome 8.0.552.221 \n * Google Chrome 8.0.552.222 \n * Google Chrome 8.0.552.223 \n * Google Chrome 8.0.552.224 \n * Google Chrome 8.0.552.225 \n * Google Chrome 8.0.552.226 \n * Google Chrome 8.0.552.237 \n * Google Chrome 8.0.552.300 \n * Google Chrome 8.0.552.301 \n * Google Chrome 8.0.552.302 \n * Google Chrome 8.0.552.303 \n * Google Chrome 8.0.552.304 \n * Google Chrome 8.0.552.305 \n * Google Chrome 8.0.552.306 \n * Google Chrome 8.0.552.307 \n * Google Chrome 8.0.552.308 \n * Google Chrome 8.0.552.309 \n * Google Chrome 8.0.552.310 \n * Google Chrome 8.0.552.344 \n * Google Chrome 9 \n * Google Chrome 9.0.597.107 \n * Google Chrome 9.0.597.84 \n * Google Chrome 9.0.597.94 \n * HP HP-UX B.11.11 \n * HP HP-UX B.11.23 \n * HP HP-UX B.11.31 \n * Hitachi Cosminexus Application Server 05-00 (AIX) \n * Hitachi Cosminexus Application Server 05-00 (Windows) \n * Hitachi Cosminexus Application Server 05-00-/I (Windows) \n * Hitachi Cosminexus Application Server 05-00-/S (AIX) \n * Hitachi Cosminexus Application Server 05-01 (Windows) \n * Hitachi Cosminexus Application Server 05-01-/L (Windows) \n * Hitachi Cosminexus Application Server 05-02 (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (AIX) \n * Hitachi Cosminexus Application Server 05-05 (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (Linux) \n * Hitachi Cosminexus Application Server 05-05 (Windows) \n * Hitachi Cosminexus Application Server 05-05-/I (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/I (Linux) \n * Hitachi Cosminexus Application Server 05-05-/O (AIX) \n * Hitachi Cosminexus Application Server 05-05-/R (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/N (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/N (Windows) \n * Hitachi Cosminexus Client 06-00 (AIX) \n * Hitachi Cosminexus Client 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-00 (HP-UX) \n * Hitachi Cosminexus Client 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-00 (Linux) \n * Hitachi Cosminexus Client 06-00 (Windows) \n * Hitachi Cosminexus Client 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-00-/E (HP-UX) \n * Hitachi Cosminexus Client 06-00-/E (Linux) \n * Hitachi Cosminexus Client 06-00-/I (AIX) \n * Hitachi Cosminexus Client 06-00-/I (Windows) \n * Hitachi Cosminexus Client 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-02 (Linux) \n * Hitachi Cosminexus Client 06-02 (Windows) \n * Hitachi Cosminexus Client 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Client 06-02-/F (Linux) \n * Hitachi Cosminexus Client 06-02-/G (Windows) \n * Hitachi Cosminexus Client 06-50 (AIX) \n * Hitachi Cosminexus Client 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-50 (HP-UX) \n * Hitachi Cosminexus Client 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-50 (Linux) \n * Hitachi Cosminexus Client 06-50 (Solaris) \n * Hitachi Cosminexus Client 06-50 (Windows) \n * Hitachi Cosminexus Client 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-50-/C (Linux) \n * Hitachi Cosminexus Client 06-50-/C (Solaris) \n * Hitachi Cosminexus Client 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Client 06-50-/F (HP-UX) \n * Hitachi Cosminexus Client 06-50-/F (Windows) \n * Hitachi Cosminexus Client 06-50-/I (AIX) \n * Hitachi Cosminexus Client 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Client 06-51 (Linux) \n * Hitachi Cosminexus Client 06-51 (Windows) \n * Hitachi Cosminexus Client 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Client 06-51-/E (Linux) \n * Hitachi Cosminexus Client 06-51-/N (Windows) \n * Hitachi Cosminexus Developer 05-00 (AIX) \n * Hitachi Cosminexus Developer 05-00 (Windows) \n * Hitachi Cosminexus Developer 05-00-/I (Windows) \n * Hitachi Cosminexus Developer 05-00-/S (AIX) \n * Hitachi Cosminexus Developer 05-01 (Windows) \n * Hitachi Cosminexus Developer 05-01-/L (Windows) \n * Hitachi Cosminexus Developer 05-02 (HP-UX) \n * Hitachi Cosminexus Developer 05-02-/E (HP-UX) \n * Hitachi Cosminexus Developer 05-05 (AIX) \n * Hitachi Cosminexus Developer 05-05 (HP-UX) \n * Hitachi Cosminexus Developer 05-05 (Linux) \n * Hitachi Cosminexus Developer 05-05 (Windows) \n * Hitachi Cosminexus Developer 05-05-/I (HP-UX) \n * Hitachi Cosminexus Developer 05-05-/I (Linux) \n * Hitachi Cosminexus Developer 05-05-/O (AIX) \n * Hitachi Cosminexus Developer 05-05-/R (Windows) \n * Hitachi Cosminexus Developer Light 06-00 (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-02 (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-50 (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00 (AIX) \n * Hitachi Cosminexus Developer Professional 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00 (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00 (Linux) \n * Hitachi Cosminexus Developer Professional 06-00 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-00-/E (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-00-/E (Linux) \n * Hitachi Cosminexus Developer Professional 06-00-/I (AIX) \n * Hitachi Cosminexus Developer Professional 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-02 (Linux) \n * Hitachi Cosminexus Developer Professional 06-02 (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-02-/F (Linux) \n * Hitachi Cosminexus Developer Professional 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-50 (AIX) \n * Hitachi Cosminexus Developer Professional 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50 (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50 (Linux) \n * Hitachi Cosminexus Developer Professional 06-50 (Solaris) \n * Hitachi Cosminexus Developer Professional 06-50 (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Linux) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Solaris) \n * Hitachi Cosminexus Developer Professional 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Developer Professional 06-50-/F (HP-UX) \n * Hitachi Cosminexus Developer Professional 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/I (AIX) \n * Hitachi Cosminexus Developer Professional 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-51 (Linux) \n * Hitachi Cosminexus Developer Professional 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Developer Professional 06-51-/E (Linux) \n * Hitachi Cosminexus Developer Professional 06-51-/N (Windows) \n * Hitachi Cosminexus Developer Standard 06-00 (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-02 (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-50 (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-00 (AIX) \n * Hitachi Cosminexus Primary Server Base 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00 (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-00 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-00-/E (Linux) \n * Hitachi Cosminexus Primary Server Base 06-00-/I (AIX) \n * Hitachi Cosminexus Primary Server Base 06-00-/I (Windows) \n * Hitachi Cosminexus Primary Server Base 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-02 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-02 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-02-/F (Linux) \n * Hitachi Cosminexus Primary Server Base 06-02-/G (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50 (AIX) \n * Hitachi Cosminexus Primary Server Base 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50 (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-50 (Solaris) \n * Hitachi Cosminexus Primary Server Base 06-50 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50-/C (Linux) \n * Hitachi Cosminexus Primary Server Base 06-50-/C (Solaris) \n * Hitachi Cosminexus Primary Server Base 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-50-/F (HP-UX) \n * Hitachi Cosminexus Primary Server Base 06-50-/F (Windows) \n * Hitachi Cosminexus Primary Server Base 06-50-/I (AIX) \n * Hitachi Cosminexus Primary Server Base 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-51 (Linux) \n * Hitachi Cosminexus Primary Server Base 06-51 (Windows) \n * Hitachi Cosminexus Primary Server Base 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Primary Server Base 06-51-/E (Linux) \n * Hitachi Cosminexus Primary Server Base 06-51-/N (Windows) \n * Hitachi Cosminexus Studio 05-00 (AIX) \n * Hitachi Cosminexus Studio 05-00 (Windows) \n * Hitachi Cosminexus Studio 05-00-/I (Windows) \n * Hitachi Cosminexus Studio 05-00-/S (AIX) \n * Hitachi Cosminexus Studio 05-01 (Windows) \n * Hitachi Cosminexus Studio 05-01-/L (Windows) \n * Hitachi Cosminexus Studio 05-02 (HP-UX) \n * Hitachi Cosminexus Studio 05-02-/E (HP-UX) \n * Hitachi Cosminexus Studio 05-05 (AIX) \n * Hitachi Cosminexus Studio 05-05 (HP-UX) \n * Hitachi Cosminexus Studio 05-05 (Linux) \n * Hitachi Cosminexus Studio 05-05 (Windows) \n * Hitachi Cosminexus Studio 05-05-/I (HP-UX) \n * Hitachi Cosminexus Studio 05-05-/I (Linux) \n * Hitachi Cosminexus Studio 05-05-/O (AIX) \n * Hitachi Cosminexus Studio 05-05-/R (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/M (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 09-50 (Windows) \n * Hitachi uCosminexus Application Server Express 07-00 (AIX) \n * Hitachi uCosminexus Application Server Express 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 07-00 (Linux) \n * Hitachi uCosminexus Application Server Express 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Express 07-00 (Windows) \n * Hitachi uCosminexus Application Server Express 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Express 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Express 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Express 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-00 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-50 (Windows) \n * Hitachi uCosminexus Application Server Light 07-00 (AIX) \n * Hitachi uCosminexus Application Server Light 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Light 07-00 (Linux) \n * Hitachi uCosminexus Application Server Light 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Light 07-00 (Windows) \n * Hitachi uCosminexus Application Server Light 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Light 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Light 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Light 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Light 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Light 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Light 09-00 (AIX) \n * Hitachi uCosminexus Application Server Light 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Light 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Light 09-50 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (AIX) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (Linux) \n * Hitachi uCosminexus Application Server Smart Edition 07-00 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Smart Edition 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Smart Edition 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Smart Edition 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Smart Edition 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Standard 06-71 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Linux) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard-R 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard-R 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard-R 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard-R 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard-R 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard-R 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard-R 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard-R 09-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard-R 09-50 (Windows) \n * Hitachi uCosminexus Client 06-70 (AIX) \n * Hitachi uCosminexus Client 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 06-70 (HP-UX) \n * Hitachi uCosminexus Client 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Client 06-70 (Linux) \n * Hitachi uCosminexus Client 06-70 (Solaris) \n * Hitachi uCosminexus Client 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Client 06-70 (Windows) \n * Hitachi uCosminexus Client 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Client 06-70-/E (HP-UX) \n * Hitachi uCosminexus Client 06-70-/F (Linux) \n * Hitachi uCosminexus Client 06-70-/F (Solaris) \n * Hitachi uCosminexus Client 06-70-/F (Windows) \n * Hitachi uCosminexus Client 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Client 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Client 06-70-/Q (AIX) \n * Hitachi uCosminexus Client 06-71 (Linux) \n * Hitachi uCosminexus Client 06-71 (Windows) \n * Hitachi uCosminexus Client 06-71-/I (Linux) \n * Hitachi uCosminexus Client 06-71-/M (Windows) \n * Hitachi uCosminexus Client 06-72 (HP-UX) \n * Hitachi uCosminexus Client 06-72-/D (HP-UX) \n * Hitachi uCosminexus Client 07-00 (AIX) \n * Hitachi uCosminexus Client 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 07-00 (Linux) \n * Hitachi uCosminexus Client 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client 07-00 (Windows) \n * Hitachi uCosminexus Client 07-10 (HP-UX) \n * Hitachi uCosminexus Client 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Client 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Client 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Client 08-50 (Windows(x64)) \n * Hitachi uCosminexus Client 09-00 (AIX) \n * Hitachi uCosminexus Client 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client 09-50 (Windows(x64)) \n * Hitachi uCosminexus Client 09-50 (Windows) \n * Hitachi uCosminexus Client for Plug-in 07-00 (AIX) \n * Hitachi uCosminexus Client for Plug-in 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Linux) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client for Plug-in 07-00 (Windows) \n * Hitachi uCosminexus Client for Plug-in 07-10 (HP-UX) \n * Hitachi uCosminexus Client for Plug-in 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Client for Plug-in 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Client for Plug-in 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Client for Plug-in 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Client for Plug-in 08-50 (Windows(x64)) \n * Hitachi uCosminexus Client for Plug-in 09-00 (AIX) \n * Hitachi uCosminexus Client for Plug-in 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Client for Plug-in 09-50 (Windows(x64)) \n * Hitachi uCosminexus Client for Plug-in 09-50 (Windows) \n * Hitachi uCosminexus Developer 01 07-00 (AIX) \n * Hitachi uCosminexus Developer 01 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer 01 07-00 (Linux) \n * Hitachi uCosminexus Developer 01 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer 01 07-00 (Windows) \n * Hitachi uCosminexus Developer 01 07-10 (HP-UX) \n * Hitachi uCosminexus Developer 01 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer 01 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer 01 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer 01 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer 01 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer 01 09-00 (AIX) \n * Hitachi uCosminexus Developer 01 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer 01 09-50 (Windows(x64)) \n * Hitachi uCosminexus Developer 01 09-50 (Windows) \n * Hitachi uCosminexus Developer Light 06-70 (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-71 (Windows) \n * Hitachi uCosminexus Developer Light 07-00 (AIX) \n * Hitachi uCosminexus Developer Light 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Light 07-00 (Linux) \n * Hitachi uCosminexus Developer Light 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Light 07-00 (Windows) \n * Hitachi uCosminexus Developer Light 07-10 (HP-UX) \n * Hitachi uCosminexus Developer Light 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer Light 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Light 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer Light 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer Light 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Light 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional 06-70 (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-71 (Windows) \n * Hitachi uCosminexus Developer Professional 07-00 (Windows) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (AIX) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Linux) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-00 (Windows) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-10 (HP-UX) \n * Hitachi uCosminexus Developer Professional for Plug-in 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 08-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-00 (AIX) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-50 (Windows(x64)) \n * Hitachi uCosminexus Developer Professional for Plug-in 09-50 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70 (AIX) \n * Hitachi uCosminexus Developer Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (Linux) \n * Hitachi uCosminexus Developer Standard 06-70 (Solaris) \n * Hitachi uCosminexus Developer Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/I (Linux(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Developer Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Developer Standard 06-71 (Linux) \n * Hitachi uCosminexus Developer Standard 06-71 (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Developer Standard 06-71-/M (Windows) \n * Hitachi uCosminexus Developer Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Developer Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Developer Standard 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-00 (AIX) \n * Hitachi uCosminexus Operator 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Operator 07-00 (Linux) \n * Hitachi uCosminexus Operator 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Operator 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-10 (HP-UX) \n * Hitachi uCosminexus Operator 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Operator 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Operator 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Operator 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Operator 08-50 (Windows(x64)) \n * Hitachi uCosminexus Operator 09-00 (AIX) \n * Hitachi uCosminexus Operator 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Operator 09-50 (Windows(x64)) \n * Hitachi uCosminexus Operator 09-50 (Windows) \n * Hitachi uCosminexus Primary Server Base 07-00 (AIX) \n * Hitachi uCosminexus Primary Server Base 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Primary Server Base 07-00 (Linux) \n * Hitachi uCosminexus Primary Server Base 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Primary Server Base 07-00 (Windows) \n * Hitachi uCosminexus Primary Server Base 07-10 (HP-UX) \n * Hitachi uCosminexus Primary Server Base 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Primary Server Base 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Primary Server Base 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Primary Server Base 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Primary Server Base 08-50 (Windows(x64)) \n * Hitachi uCosminexus Primary Server Base 09-00 (AIX) \n * Hitachi uCosminexus Primary Server Base 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Primary Server Base 09-50 (Windows(x64)) \n * Hitachi uCosminexus Primary Server Base 09-50 (Windows) \n * Hitachi uCosminexus Primary Server Base 09-60 (Linux) \n * Hitachi uCosminexus Service Architect 07-00 (AIX) \n * Hitachi uCosminexus Service Architect 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Architect 07-00 (Linux) \n * Hitachi uCosminexus Service Architect 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Architect 07-00 (Windows) \n * Hitachi uCosminexus Service Architect 07-10 (HP-UX) \n * Hitachi uCosminexus Service Architect 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Architect 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Architect 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Architect 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Architect 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Architect 09-00 (AIX) \n * Hitachi uCosminexus Service Architect 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Architect 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Architect 09-50 (Windows) \n * Hitachi uCosminexus Service Architect 09-60 (Linux) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (AIX) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Linux) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform - Messaging 07-00 (Windows) \n * Hitachi uCosminexus Service Platform - Messaging 07-10 (HP-UX) \n * Hitachi uCosminexus Service Platform - Messaging 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform - Messaging 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 09-00 (AIX) \n * Hitachi uCosminexus Service Platform - Messaging 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform - Messaging 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform - Messaging 09-50 (Windows) \n * Hitachi uCosminexus Service Platform 07-00 (AIX) \n * Hitachi uCosminexus Service Platform 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 07-00 (Linux) \n * Hitachi uCosminexus Service Platform 07-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform 07-00 (Windows) \n * Hitachi uCosminexus Service Platform 07-10 (HP-UX) \n * Hitachi uCosminexus Service Platform 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Service Platform 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Service Platform 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 08-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform 09-00 (AIX) \n * Hitachi uCosminexus Service Platform 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 09-50 (Windows(x64)) \n * Hitachi uCosminexus Service Platform 09-50 (Windows) \n * Hitachi uCosminexus Service Platform 09-60 (Linux) \n * Huawei eSpace IVS V100R001 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM CICS Transaction Gateway 7.0 \n * IBM CICS Transaction Gateway 7.1 \n * IBM CICS Transaction Gateway 7.2 \n * IBM CICS Transaction Gateway 8.0 \n * IBM CICS Transaction Gateway 8.1 \n * IBM CICS Transaction Gateway 9.0 \n * IBM Endpoint Manager for Remote Control 9.0.0 \n * IBM Endpoint Manager for Remote Control 9.0.1 \n * IBM Endpoint Manager for Remote Control 9.1.0 \n * IBM Forms Viewer 4.0 \n * IBM Forms Viewer 4.0.0 \n * IBM Forms Viewer 4.0.0.1 \n * IBM Forms Viewer 4.0.0.2 \n * IBM Forms Viewer 4.0.0.3 \n * IBM Forms Viewer 8.0 \n * IBM Forms Viewer 8.0.0 \n * IBM Forms Viewer 8.0.1 \n * IBM Forms Viewer 8.0.1.1 \n * IBM Lotus Domino 8.5.0 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Domino 9.0.1.0 \n * IBM Lotus Domino 9.0.1.1 \n * IBM Maximo Asset Management 7.1.1 \n * IBM Maximo Asset Management 7.5 \n * IBM Rational DOORS Next Generation 4.0.0 \n * IBM Rational DOORS Next Generation 4.0.1 \n * IBM Rational DOORS Next Generation 4.0.2 \n * IBM Rational DOORS Next Generation 4.0.3 \n * IBM Rational DOORS Next Generation 4.0.4 \n * IBM Rational DOORS Next Generation 4.0.5 \n * IBM Rational DOORS Next Generation 4.0.6 \n * IBM Rational DOORS Next Generation 5.0 \n * IBM Rational Engineering Lifecycle Manager 1.0 \n * IBM Rational Engineering Lifecycle Manager 1.0.0.1 \n * IBM Rational Engineering Lifecycle Manager 4.0.3 \n * IBM Rational Engineering Lifecycle Manager 4.0.4 \n * IBM Rational Engineering Lifecycle Manager 4.0.5 \n * IBM Rational Engineering Lifecycle Manager 4.0.6 \n * IBM Rational Functional Tester 8.0 \n * IBM Rational Functional Tester 8.0.0.1 \n * IBM Rational Functional Tester 8.0.0.2 \n * IBM Rational Functional Tester 8.0.0.3 \n * IBM Rational Functional Tester 8.0.0.4 \n * IBM Rational Functional Tester 8.1 \n * IBM Rational Functional Tester 8.1.0.1 \n * IBM Rational Functional Tester 8.1.0.2 \n * IBM Rational Functional Tester 8.1.0.3 \n * IBM Rational Functional Tester 8.1.1 \n * IBM Rational Functional Tester 8.1.1.1 \n * IBM Rational Functional Tester 8.1.1.2 \n * IBM Rational Functional Tester 8.1.1.3 \n * IBM Rational Functional Tester 8.2 \n * IBM Rational Functional Tester 8.2.0.2 \n * IBM Rational Functional Tester 8.2.1 \n * IBM Rational Functional Tester 8.2.1.1 \n * IBM Rational Functional Tester 8.2.2 \n * IBM Rational Functional Tester 8.2.2.1 \n * IBM Rational Functional Tester 8.3 \n * IBM Rational Functional Tester 8.3.0.1 \n * IBM Rational Functional Tester 8.3.0.2 \n * IBM Rational Functional Tester 8.5 \n * IBM Rational Functional Tester 8.5.0.1 \n * IBM Rational Functional Tester 8.5.1 \n * IBM Rational Functional Tester 8.5.1.1 \n * IBM Rational Functional Tester 8.5.1.2 \n * IBM Rational Quality Manager 2.0 \n * IBM Rational Quality Manager 2.0.1 \n * IBM Rational Quality Manager 3.0 \n * IBM Rational Quality Manager 3.0.1.1 \n * IBM Rational Quality Manager 3.0.1.2 \n * IBM Rational Quality Manager 3.0.1.3 \n * IBM Rational Quality Manager 3.0.1.4 \n * IBM Rational Quality Manager 3.0.1.5 \n * IBM Rational Quality Manager 3.0.1.6 \n * IBM Rational Quality Manager 4.0 \n * IBM Rational Quality Manager 4.0.1 \n * IBM Rational Quality Manager 4.0.2 \n * IBM Rational Quality Manager 4.0.3 \n * IBM Rational Quality Manager 4.0.4 \n * IBM Rational Quality Manager 4.0.5 \n * IBM Rational Quality Manager 4.0.6 \n * IBM Rational Quality Manager 5.0 \n * IBM Rational Requirements Composer 2.0 \n * IBM Rational Requirements Composer 2.0.0.1 \n * IBM Rational Requirements Composer 2.0.0.2 \n * IBM Rational Requirements Composer 2.0.0.4 \n * IBM Rational Requirements Composer 3.0 \n * IBM Rational Requirements Composer 3.0.1 \n * IBM Rational Requirements Composer 3.0.1.1 \n * IBM Rational Requirements Composer 3.0.1.2 \n * IBM Rational Requirements Composer 3.0.1.3 \n * IBM Rational Requirements Composer 3.0.1.4 \n * IBM Rational Requirements Composer 3.0.1.5 \n * IBM Rational Requirements Composer 3.0.1.6 \n * IBM Rational Requirements Composer 4.0 \n * IBM Rational Requirements Composer 4.0.0 \n * IBM Rational Requirements Composer 4.0.1 \n * IBM Rational Requirements Composer 4.0.2 \n * IBM Rational Requirements Composer 4.0.3 \n * IBM Rational Requirements Composer 4.0.4 \n * IBM Rational Requirements Composer 4.0.5 \n * IBM Rational Requirements Composer 4.0.6 \n * IBM Rational Rhapsody Design Manager 3.0 \n * IBM Rational Rhapsody Design Manager 3.0.1 \n * IBM Rational Rhapsody Design Manager 4.0 \n * IBM Rational Rhapsody Design Manager 4.0.1 \n * IBM Rational Rhapsody Design Manager 4.0.2 \n * IBM Rational Rhapsody Design Manager 4.0.3 \n * IBM Rational Rhapsody Design Manager 4.0.4 \n * IBM Rational Rhapsody Design Manager 4.0.5 \n * IBM Rational Rhapsody Design Manager 4.0.6 \n * IBM Rational Rhpasody Design Manager 5.0 \n * IBM Rational Software Architect Design Manager 3.0 \n * IBM Rational Software Architect Design Manager 3.0.0 \n * IBM Rational Software Architect Design Manager 3.0.1 \n * IBM Rational Software Architect Design Manager 4.0.0 \n * IBM Rational Software Architect Design Manager 4.0.1 \n * IBM Rational Software Architect Design Manager 4.0.2 \n * IBM Rational Software Architect Design Manager 4.0.3 \n * IBM Rational Software Architect Design Manager 4.0.4 \n * IBM Rational Software Architect Design Manager 4.0.5 \n * IBM Rational Software Architect Design Manager 4.0.6 \n * IBM Rational Software Architect Design Manager 5.0 \n * IBM Rational Team Concert 2.0 \n * IBM Rational Team Concert 2.0.0.1 \n * IBM Rational Team Concert 2.0.0.2 \n * IBM Rational Team Concert 3.0 \n * IBM Rational Team Concert 3.0.1 \n * IBM Rational Team Concert 3.0.1.2 \n * IBM Rational Team Concert 3.0.1.3 \n * IBM Rational Team Concert 3.0.1.4 \n * IBM Rational Team Concert 3.0.1.5 \n * IBM Rational Team Concert 3.0.1.6 \n * IBM Rational Team Concert 4.0 \n * IBM Rational Team Concert 4.0.1 \n * IBM Rational Team Concert 4.0.2 \n * IBM Rational Team Concert 4.0.3 \n * IBM Rational Team Concert 4.0.4 \n * IBM Rational Team Concert 4.0.5 \n * IBM Rational Team Concert 4.0.6 \n * IBM Rational Team Concert 5.0 \n * IBM Security SiteProtector System 2.9 \n * IBM Security SiteProtector System 3.0 \n * IBM Security SiteProtector System 3.1 \n * IBM TS7720 Virtualization Engine 3957-VEA \n * IBM TS7740 Virtualization Engine 3957-V06 \n * IBM TS7740 Virtualization Engine 3957-V07 \n * IBM Tivoli Application Dependency Discovery Manager 7.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.0 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.6 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.4 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Monitoring 6.2.0 \n * IBM Tivoli Monitoring 6.2.1 \n * IBM Tivoli Monitoring 6.2.2 \n * IBM Tivoli Monitoring 6.2.3 \n * IBM Tivoli Monitoring 6.3.0 \n * IBM Tivoli Storage Productivity Center 4.1.1 \n * IBM Tivoli Storage Productivity Center 4.2.0 \n * IBM Tivoli Storage Productivity Center 4.2.1 \n * IBM Tivoli Storage Productivity Center 4.2.1.185 \n * IBM Tivoli Storage Productivity Center 4.2.2 \n * IBM Tivoli Storage Productivity Center 4.2.2.143 \n * IBM Tivoli Storage Productivity Center 4.2.2.145 \n * IBM Tivoli Storage Productivity Center 4.2.2.177 \n * IBM Tivoli Storage Productivity Center 4.2.2.178 \n * IBM Tivoli Storage Productivity Center 5.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.2 \n * IBM Tivoli Storage Productivity Center 5.1.1.3 \n * IBM Tivoli Storage Productivity Center 5.1.1.4 \n * IBM Tivoli Storage Productivity Center 5.2.0 \n * IBM Tivoli Storage Productivity Center 5.2.1.0 \n * IBM Tivoli Storage Productivity Center 5.2.1.1 \n * IBM Tivoli Storage Productivity Center 5.2.2 \n * IBM Vios 2.1.2.13 \n * IBM Vios 2.2.0.10 \n * IBM Vios 2.2.0.12 \n * IBM Vios 2.2.0.13 \n * IBM Vios 2.2.1.0 \n * IBM Vios 2.2.1.1 \n * IBM Vios 2.2.1.3 \n * IBM Vios 2.2.1.4 \n * IBM Vios 2.2.1.8 \n * IBM Vios 2.2.1.9 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.4 \n * IBM Vios 2.2.2.5 \n * IBM Vios 2.2.3 \n * IBM Vios 2.2.3.0 \n * IBM Vios 2.2.3.2 \n * IBM Vios 2.2.3.3 \n * IBM Web Sphere Real Time 3 Service Refresh 6 Fix Pack 1 \n * IBM i 6.1 \n * IBM i 7.1 \n * IBM i 7.2.0 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Mandriva Enterprise Server 5 \n * Mandriva Enterprise Server 5 X86 64 \n * Microsoft Mono Framework 4.8.1.0 \n * Microsoft Mono Framework 5.0.0.48 \n * Microsoft Silverlight 5.0 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n * Mozilla Firefox 0.1 \n * Mozilla Firefox 0.10.0 \n * Mozilla Firefox 0.10.1 \n * Mozilla Firefox 0.2 \n * Mozilla Firefox 0.3 \n * Mozilla Firefox 0.4 \n * Mozilla Firefox 0.5 \n * Mozilla Firefox 0.6 \n * Mozilla Firefox 0.6.1 \n * Mozilla Firefox 0.7 \n * Mozilla Firefox 0.8.0 \n * Mozilla Firefox 0.9.0 \n * Mozilla Firefox 0.9.0 Rc \n * Mozilla Firefox 0.9.1 \n * Mozilla Firefox 0.9.2 \n * Mozilla Firefox 0.9.3 \n * Mozilla Firefox 1.0 Preview Release \n * Mozilla Firefox 1.0.0 \n * Mozilla Firefox 1.0.1 \n * Mozilla Firefox 1.0.2 \n * Mozilla Firefox 1.0.3 \n * Mozilla Firefox 1.0.4 \n * Mozilla Firefox 1.0.5 \n * Mozilla Firefox 1.0.6 \n * Mozilla Firefox 1.0.7 \n * Mozilla Firefox 1.0.8 \n * Mozilla Firefox 1.4.1 \n * Mozilla Firefox 1.5.0 12 \n * Mozilla Firefox 1.5.0 \n * Mozilla Firefox 1.5.0 Beta 1 \n * Mozilla Firefox 1.5.0 Beta 2 \n * Mozilla Firefox 1.5.0.1 \n * Mozilla Firefox 1.5.0.10 \n * Mozilla Firefox 1.5.0.11 \n * Mozilla Firefox 1.5.0.2 \n * Mozilla Firefox 1.5.0.3 \n * Mozilla Firefox 1.5.0.4 \n * Mozilla Firefox 1.5.0.5 \n * Mozilla Firefox 1.5.0.6 \n * Mozilla Firefox 1.5.0.7 \n * Mozilla Firefox 1.5.0.8 \n * Mozilla Firefox 1.5.0.9 \n * Mozilla Firefox 1.5.1 \n * Mozilla Firefox 1.5.2 \n * Mozilla Firefox 1.5.3 \n * Mozilla Firefox 1.5.4 \n * Mozilla Firefox 1.5.5 \n * Mozilla Firefox 1.5.6 \n * Mozilla Firefox 1.5.7 \n * Mozilla Firefox 1.5.8 \n * Mozilla Firefox 1.8 \n * Mozilla Firefox 10 \n * Mozilla Firefox 10.0 \n * Mozilla Firefox 10.0.1 \n * Mozilla Firefox 10.0.2 \n * Mozilla Firefox 11.0 \n * Mozilla Firefox 12.0 \n * Mozilla Firefox 13.0 \n * Mozilla Firefox 14 \n * Mozilla Firefox 14.0 \n * Mozilla Firefox 14.01 \n * Mozilla Firefox 15 \n * Mozilla Firefox 15.0.1 \n * Mozilla Firefox 16 \n * Mozilla Firefox 16.0.1 \n * Mozilla Firefox 16.0.2 \n * Mozilla Firefox 17.0 \n * Mozilla Firefox 17.0.1 \n * Mozilla Firefox 18.0 \n * Mozilla Firefox 19.0 \n * Mozilla Firefox 19.0.2 \n * Mozilla Firefox 2.0 \n * Mozilla Firefox 2.0 Beta 1 \n * Mozilla Firefox 2.0 RC2 \n * Mozilla Firefox 2.0 RC3 \n * Mozilla Firefox 2.0.0 .19 \n * Mozilla Firefox 2.0.0 20 \n * Mozilla Firefox 2.0.0.1 \n * Mozilla Firefox 2.0.0.10 \n * Mozilla Firefox 2.0.0.11 \n * Mozilla Firefox 2.0.0.12 \n * Mozilla Firefox 2.0.0.13 \n * Mozilla Firefox 2.0.0.14 \n * Mozilla Firefox 2.0.0.15 \n * Mozilla Firefox 2.0.0.16 \n * Mozilla Firefox 2.0.0.17 \n * Mozilla Firefox 2.0.0.18 \n * Mozilla Firefox 2.0.0.19 \n * Mozilla Firefox 2.0.0.2 \n * Mozilla Firefox 2.0.0.3 \n * Mozilla Firefox 2.0.0.4 \n * Mozilla Firefox 2.0.0.5 \n * Mozilla Firefox 2.0.0.6 \n * Mozilla Firefox 2.0.0.7 \n * Mozilla Firefox 2.0.0.8 \n * Mozilla Firefox 2.0.0.9 \n * Mozilla Firefox 20.0 \n * Mozilla Firefox 20.0.1 \n * Mozilla Firefox 21.0 \n * Mozilla Firefox 22.0 \n * Mozilla Firefox 23.0 \n * Mozilla Firefox 24.0 \n * Mozilla Firefox 25.0 \n * Mozilla Firefox 25.0.1 \n * Mozilla Firefox 3.0 \n * Mozilla Firefox 3.0 Beta 5 \n * Mozilla Firefox 3.0.1 \n * Mozilla Firefox 3.0.10 \n * Mozilla Firefox 3.0.11 \n * Mozilla Firefox 3.0.12 \n * Mozilla Firefox 3.0.13 \n * Mozilla Firefox 3.0.14 \n * Mozilla Firefox 3.0.15 \n * Mozilla Firefox 3.0.16 \n * Mozilla Firefox 3.0.17 \n * Mozilla Firefox 3.0.18 \n * Mozilla Firefox 3.0.19 \n * Mozilla Firefox 3.0.2 \n * Mozilla Firefox 3.0.3 \n * Mozilla Firefox 3.0.4 \n * Mozilla Firefox 3.0.5 \n * Mozilla Firefox 3.0.6 \n * Mozilla Firefox 3.0.7 \n * Mozilla Firefox 3.0.7 Beta \n * Mozilla Firefox 3.0.8 \n * Mozilla Firefox 3.0.9 \n * Mozilla Firefox 3.1 \n * Mozilla Firefox 3.1 Beta 1 \n * Mozilla Firefox 3.1 Beta 2 \n * Mozilla Firefox 3.1 Beta 3 \n * Mozilla Firefox 3.5.0 \n * Mozilla Firefox 3.5.1 \n * Mozilla Firefox 3.5.10 \n * Mozilla Firefox 3.5.11 \n * Mozilla Firefox 3.5.12 \n * Mozilla Firefox 3.5.13 \n * Mozilla Firefox 3.5.14 \n * Mozilla Firefox 3.5.14 \n * Mozilla Firefox 3.5.15 \n * Mozilla Firefox 3.5.16 \n * Mozilla Firefox 3.5.18 \n * Mozilla Firefox 3.5.19 \n * Mozilla Firefox 3.5.2 \n * Mozilla Firefox 3.5.3 \n * Mozilla Firefox 3.5.4 \n * Mozilla Firefox 3.5.5 \n * Mozilla Firefox 3.5.6 \n * Mozilla Firefox 3.5.7 \n * Mozilla Firefox 3.5.8 \n * Mozilla Firefox 3.5.9 \n * Mozilla Firefox 3.6 \n * Mozilla Firefox 3.6 Beta 2 \n * Mozilla Firefox 3.6 Beta 3 \n * Mozilla Firefox 3.6.10 \n * Mozilla Firefox 3.6.11 \n * Mozilla Firefox 3.6.12 \n * Mozilla Firefox 3.6.13 \n * Mozilla Firefox 3.6.14 \n * Mozilla Firefox 3.6.15 \n * Mozilla Firefox 3.6.16 \n * Mozilla Firefox 3.6.17 \n * Mozilla Firefox 3.6.18 \n * Mozilla Firefox 3.6.19 \n * Mozilla Firefox 3.6.2 \n * Mozilla Firefox 3.6.20 \n * Mozilla Firefox 3.6.21 \n * Mozilla Firefox 3.6.22 \n * Mozilla Firefox 3.6.23 \n * Mozilla Firefox 3.6.24 \n * Mozilla Firefox 3.6.25 \n * Mozilla Firefox 3.6.26 \n * Mozilla Firefox 3.6.27 \n * Mozilla Firefox 3.6.28 \n * Mozilla Firefox 3.6.3 \n * Mozilla Firefox 3.6.4 \n * Mozilla Firefox 3.6.5 \n * Mozilla Firefox 3.6.6 \n * Mozilla Firefox 3.6.7 \n * Mozilla Firefox 3.6.8 \n * Mozilla Firefox 3.6.9 \n * Mozilla Firefox 4.0 \n * Mozilla Firefox 4.0 BETA2 \n * Mozilla Firefox 4.0 Beta1 \n * Mozilla Firefox 4.0 Beta10 \n * Mozilla Firefox 4.0 Beta11 \n * Mozilla Firefox 4.0 Beta12 \n * Mozilla Firefox 4.0 Beta3 \n * Mozilla Firefox 4.0 Beta4 \n * Mozilla Firefox 4.0 Beta5 \n * Mozilla Firefox 4.0 Beta6 \n * Mozilla Firefox 4.0 Beta7 \n * Mozilla Firefox 4.0 Beta8 \n * Mozilla Firefox 4.0 Beta9 \n * Mozilla Firefox 4.0.1 \n * Mozilla Firefox 5.0 \n * Mozilla Firefox 5.0.1 \n * Mozilla Firefox 6 \n * Mozilla Firefox 6.0 \n * Mozilla Firefox 6.0.1 \n * Mozilla Firefox 6.0.2 \n * Mozilla Firefox 7 \n * Mozilla Firefox 7.0 \n * Mozilla Firefox 7.0.1 \n * Mozilla Firefox 8.0 \n * Mozilla Firefox 8.0.1 \n * Mozilla Firefox 9.0 \n * Mozilla Firefox 9.0.1 \n * Mozilla Firefox ESR 10.0.10 \n * Mozilla Firefox ESR 10.0.11 \n * Mozilla Firefox ESR 10.0.12 \n * Mozilla Firefox ESR 10.0.2 \n * Mozilla Firefox ESR 10.0.3 \n * Mozilla Firefox ESR 10.0.4 \n * Mozilla Firefox ESR 10.0.5 \n * Mozilla Firefox ESR 10.0.6 \n * Mozilla Firefox ESR 10.0.7 \n * Mozilla Firefox ESR 10.0.8 \n * Mozilla Firefox ESR 10.0.9 \n * Mozilla Firefox ESR 17.0.1 \n * Mozilla Firefox ESR 17.0.10 \n * Mozilla Firefox ESR 17.0.11 \n * Mozilla Firefox ESR 17.0.2 \n * Mozilla Firefox ESR 17.0.3 \n * Mozilla Firefox ESR 17.0.4 \n * Mozilla Firefox ESR 17.0.6 \n * Mozilla Firefox ESR 17.0.7 \n * Mozilla Firefox ESR 17.0.8 \n * Mozilla Firefox ESR 17.0.9 \n * Mozilla Firefox ESR 24.1 \n * Mozilla Firefox ESR 24.1.1 \n * Mozilla SeaMonkey 1.0 \n * Mozilla SeaMonkey 1.0 Alpha \n * Mozilla SeaMonkey 1.0 Beta \n * Mozilla SeaMonkey 1.0 Dev \n * Mozilla SeaMonkey 1.0.1 \n * Mozilla SeaMonkey 1.0.2 \n * Mozilla SeaMonkey 1.0.3 \n * Mozilla SeaMonkey 1.0.4 \n * Mozilla SeaMonkey 1.0.5 \n * Mozilla SeaMonkey 1.0.6 \n * Mozilla SeaMonkey 1.0.7 \n * Mozilla SeaMonkey 1.0.8 \n * Mozilla SeaMonkey 1.0.9 \n * Mozilla SeaMonkey 1.0.99 \n * Mozilla SeaMonkey 1.1 \n * Mozilla SeaMonkey 1.1 Alpha \n * Mozilla SeaMonkey 1.1 Beta \n * Mozilla SeaMonkey 1.1.1 \n * Mozilla SeaMonkey 1.1.10 \n * Mozilla SeaMonkey 1.1.11 \n * Mozilla SeaMonkey 1.1.12 \n * Mozilla SeaMonkey 1.1.13 \n * Mozilla SeaMonkey 1.1.14 \n * Mozilla SeaMonkey 1.1.15 \n * Mozilla SeaMonkey 1.1.16 \n * Mozilla SeaMonkey 1.1.17 \n * Mozilla SeaMonkey 1.1.18 \n * Mozilla SeaMonkey 1.1.19 \n * Mozilla SeaMonkey 1.1.2 \n * Mozilla SeaMonkey 1.1.3 \n * Mozilla SeaMonkey 1.1.4 \n * Mozilla SeaMonkey 1.1.5 \n * Mozilla SeaMonkey 1.1.6 \n * Mozilla SeaMonkey 1.1.7 \n * Mozilla SeaMonkey 1.1.8 \n * Mozilla SeaMonkey 1.1.9 \n * Mozilla SeaMonkey 1.5.0.10 \n * Mozilla SeaMonkey 1.5.0.8 \n * Mozilla SeaMonkey 1.5.0.9 \n * Mozilla SeaMonkey 2.0 \n * Mozilla SeaMonkey 2.0 Alpha 1 \n * Mozilla SeaMonkey 2.0 Alpha 2 \n * Mozilla SeaMonkey 2.0 Alpha 3 \n * Mozilla SeaMonkey 2.0 Beta 1 \n * Mozilla SeaMonkey 2.0 Beta 2 \n * Mozilla SeaMonkey 2.0 RC1 \n * Mozilla SeaMonkey 2.0 RC2 \n * Mozilla SeaMonkey 2.0.1 \n * Mozilla SeaMonkey 2.0.10 \n * Mozilla SeaMonkey 2.0.11 \n * Mozilla SeaMonkey 2.0.12 \n * Mozilla SeaMonkey 2.0.13 \n * Mozilla SeaMonkey 2.0.14 \n * Mozilla SeaMonkey 2.0.2 \n * Mozilla SeaMonkey 2.0.3 \n * Mozilla SeaMonkey 2.0.4 \n * Mozilla SeaMonkey 2.0.5 \n * Mozilla SeaMonkey 2.0.6 \n * Mozilla SeaMonkey 2.0.7 \n * Mozilla SeaMonkey 2.0.8 \n * Mozilla SeaMonkey 2.0.9 \n * Mozilla SeaMonkey 2.1 \n * Mozilla SeaMonkey 2.1 Alpha1 \n * Mozilla SeaMonkey 2.1 Alpha2 \n * Mozilla SeaMonkey 2.1 Alpha3 \n * Mozilla SeaMonkey 2.10 \n * Mozilla SeaMonkey 2.11 \n * Mozilla SeaMonkey 2.12 \n * Mozilla SeaMonkey 2.13 \n * Mozilla SeaMonkey 2.13.1 \n * Mozilla SeaMonkey 2.13.2 \n * Mozilla SeaMonkey 2.14 \n * Mozilla SeaMonkey 2.15 \n * Mozilla SeaMonkey 2.16 \n * Mozilla SeaMonkey 2.16.1 \n * Mozilla SeaMonkey 2.17 \n * Mozilla SeaMonkey 2.1b2 \n * Mozilla SeaMonkey 2.2 \n * Mozilla SeaMonkey 2.20 \n * Mozilla SeaMonkey 2.21 \n * Mozilla SeaMonkey 2.22 \n * Mozilla SeaMonkey 2.22.1 \n * Mozilla SeaMonkey 2.3 \n * Mozilla SeaMonkey 2.4 \n * Mozilla SeaMonkey 2.5 \n * Mozilla SeaMonkey 2.6 \n * Mozilla SeaMonkey 2.7 \n * Mozilla SeaMonkey 2.7.1 \n * Mozilla SeaMonkey 2.7.2 \n * Mozilla SeaMonkey 2.8 \n * Mozilla SeaMonkey 2.9 \n * Mozilla Thunderbird 0.1 \n * Mozilla Thunderbird 0.2 \n * Mozilla Thunderbird 0.3 \n * Mozilla Thunderbird 0.4 \n * Mozilla Thunderbird 0.5 \n * Mozilla Thunderbird 0.6.0 \n * Mozilla Thunderbird 0.7.0 \n * Mozilla Thunderbird 0.7.1 \n * Mozilla Thunderbird 0.7.2 \n * Mozilla Thunderbird 0.7.3 \n * Mozilla Thunderbird 0.8.0 \n * Mozilla Thunderbird 0.9.0 \n * Mozilla Thunderbird 1.0.0 \n * Mozilla Thunderbird 1.0.1 \n * Mozilla Thunderbird 1.0.2 \n * Mozilla Thunderbird 1.0.3 \n * Mozilla Thunderbird 1.0.5 \n * Mozilla Thunderbird 1.0.5 Beta \n * Mozilla Thunderbird 1.0.6 \n * Mozilla Thunderbird 1.0.7 \n * Mozilla Thunderbird 1.0.8 \n * Mozilla Thunderbird 1.5.0 \n * Mozilla Thunderbird 1.5.0 Beta 2 \n * Mozilla Thunderbird 1.5.0.1 \n * Mozilla Thunderbird 1.5.0.10 \n * Mozilla Thunderbird 1.5.0.11 \n * Mozilla Thunderbird 1.5.0.12 \n * Mozilla Thunderbird 1.5.0.13 \n * Mozilla Thunderbird 1.5.0.14 \n * Mozilla Thunderbird 1.5.0.2 \n * Mozilla Thunderbird 1.5.0.3 \n * Mozilla Thunderbird 1.5.0.4 \n * Mozilla Thunderbird 1.5.0.5 \n * Mozilla Thunderbird 1.5.0.6 \n * Mozilla Thunderbird 1.5.0.7 \n * Mozilla Thunderbird 1.5.0.8 \n * Mozilla Thunderbird 1.5.0.9 \n * Mozilla Thunderbird 1.5.1 \n * Mozilla Thunderbird 1.5.2 \n * Mozilla Thunderbird 1.7.1 \n * Mozilla Thunderbird 1.7.3 \n * Mozilla Thunderbird 10.0 \n * Mozilla Thunderbird 10.0.1 \n * Mozilla Thunderbird 10.0.2 \n * Mozilla Thunderbird 11.0 \n * Mozilla Thunderbird 12.0 \n * Mozilla Thunderbird 13.0 \n * Mozilla Thunderbird 14 \n * Mozilla Thunderbird 14.0 \n * Mozilla Thunderbird 15 \n * Mozilla Thunderbird 16 \n * Mozilla Thunderbird 16.0.1 \n * Mozilla Thunderbird 16.0.2 \n * Mozilla Thunderbird 17.0 \n * Mozilla Thunderbird 17.0.2 \n * Mozilla Thunderbird 17.0.3 \n * Mozilla Thunderbird 17.0.4 \n * Mozilla Thunderbird 17.0.5 \n * Mozilla Thunderbird 17.0.6 \n * Mozilla Thunderbird 17.0.7 \n * Mozilla Thunderbird 17.0.8 \n * Mozilla Thunderbird 2.0 \n * Mozilla Thunderbird 2.0.0 .19 \n * Mozilla Thunderbird 2.0.0.0 \n * Mozilla Thunderbird 2.0.0.1 \n * Mozilla Thunderbird 2.0.0.11 \n * Mozilla Thunderbird 2.0.0.12 \n * Mozilla Thunderbird 2.0.0.13 \n * Mozilla Thunderbird 2.0.0.14 \n * Mozilla Thunderbird 2.0.0.15 \n * Mozilla Thunderbird 2.0.0.16 \n * Mozilla Thunderbird 2.0.0.17 \n * Mozilla Thunderbird 2.0.0.18 \n * Mozilla Thunderbird 2.0.0.2 \n * Mozilla Thunderbird 2.0.0.20 \n * Mozilla Thunderbird 2.0.0.21 \n * Mozilla Thunderbird 2.0.0.22 \n * Mozilla Thunderbird 2.0.0.23 \n * Mozilla Thunderbird 2.0.0.24 \n * Mozilla Thunderbird 2.0.0.3 \n * Mozilla Thunderbird 2.0.0.4 \n * Mozilla Thunderbird 2.0.0.5 \n * Mozilla Thunderbird 2.0.0.6 \n * Mozilla Thunderbird 2.0.0.7 \n * Mozilla Thunderbird 2.0.0.8 \n * Mozilla Thunderbird 2.0.0.9 \n * Mozilla Thunderbird 2.0.14 \n * Mozilla Thunderbird 2.1 \n * Mozilla Thunderbird 24.0 \n * Mozilla Thunderbird 24.1 \n * Mozilla Thunderbird 3.0 \n * Mozilla Thunderbird 3.0.1 \n * Mozilla Thunderbird 3.0.10 \n * Mozilla Thunderbird 3.0.11 \n * Mozilla Thunderbird 3.0.2 \n * Mozilla Thunderbird 3.0.3 \n * Mozilla Thunderbird 3.0.4 \n * Mozilla Thunderbird 3.0.5 \n * Mozilla Thunderbird 3.0.6 \n * Mozilla Thunderbird 3.0.7 \n * Mozilla Thunderbird 3.0.8 \n * Mozilla Thunderbird 3.0.9 \n * Mozilla Thunderbird 3.1 \n * Mozilla Thunderbird 3.1.1 \n * Mozilla Thunderbird 3.1.10 \n * Mozilla Thunderbird 3.1.11 \n * Mozilla Thunderbird 3.1.12 \n * Mozilla Thunderbird 3.1.13 \n * Mozilla Thunderbird 3.1.14 \n * Mozilla Thunderbird 3.1.15 \n * Mozilla Thunderbird 3.1.16 \n * Mozilla Thunderbird 3.1.17 \n * Mozilla Thunderbird 3.1.18 \n * Mozilla Thunderbird 3.1.19 \n * Mozilla Thunderbird 3.1.2 \n * Mozilla Thunderbird 3.1.20 \n * Mozilla Thunderbird 3.1.3 \n * Mozilla Thunderbird 3.1.4 \n * Mozilla Thunderbird 3.1.5 \n * Mozilla Thunderbird 3.1.6 \n * Mozilla Thunderbird 3.1.7 \n * Mozilla Thunderbird 3.1.8 \n * Mozilla Thunderbird 3.1.9 \n * Mozilla Thunderbird 3.3 \n * Mozilla Thunderbird 5 \n * Mozilla Thunderbird 5.0 \n * Mozilla Thunderbird 6 \n * Mozilla Thunderbird 6.0 \n * Mozilla Thunderbird 6.0.1 \n * Mozilla Thunderbird 6.0.2 \n * Mozilla Thunderbird 7.0 \n * Mozilla Thunderbird 7.0.1 \n * Mozilla Thunderbird 8.0 \n * Mozilla Thunderbird 9.0 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.5.0_36 \n * Oracle JDK (Linux Production Release) 1.5.0_38 \n * Oracle JDK (Linux Production Release) 1.5.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0 Update 65 \n * Oracle JDK (Linux Production Release) 1.6.0_22 \n * Oracle JDK (Linux Production Release) 1.6.0_23 \n * Oracle JDK (Linux Production Release) 1.6.0_24 \n * Oracle JDK (Linux Production Release) 1.6.0_25 \n * Oracle JDK (Linux Production Release) 1.6.0_26 \n * Oracle JDK (Linux Production Release) 1.6.0_27 \n * Oracle JDK (Linux Production Release) 1.6.0_28 \n * Oracle JDK (Linux Production Release) 1.6.0_30 \n * Oracle JDK (Linux Production Release) 1.6.0_32 \n * Oracle JDK (Linux Production Release) 1.6.0_34 \n * Oracle JDK (Linux Production Release) 1.6.0_35 \n * Oracle JDK (Linux Production Release) 1.6.0_38 \n * Oracle JDK (Linux Production Release) 1.6.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0_43 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0 Update 45 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_17 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 36 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 38 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 39 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 40 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 41 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 45 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 51 \n * Oracle JDK (Solaris Production Release) 1.5.0 Update 55 \n * Oracle JDK (Solaris Production Release) 1.5.0_36 \n * Oracle JDK (Solaris Production Release) 1.5.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 22 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 23 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 24 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 25 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 26 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 27 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 29 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 30 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 31 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 32 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 33 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 34 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 35 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 37 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 38 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 39 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 41 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 43 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 45 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 51 \n * Oracle JDK (Solaris Production Release) 1.6.0 Update 60 \n * Oracle JDK (Solaris Production Release) 1.6.0_22 \n * Oracle JDK (Solaris Production Release) 1.6.0_23 \n * Oracle JDK (Solaris Production Release) 1.6.0_24 \n * Oracle JDK (Solaris Production Release) 1.6.0_25 \n * Oracle JDK (Solaris Production Release) 1.6.0_26 \n * Oracle JDK (Solaris Production Release) 1.6.0_27 \n * Oracle JDK (Solaris Production Release) 1.6.0_28 \n * Oracle JDK (Solaris Production Release) 1.6.0_30 \n * Oracle JDK (Solaris Production Release) 1.6.0_32 \n * Oracle JDK (Solaris Production Release) 1.6.0_34 \n * Oracle JDK (Solaris Production Release) 1.6.0_35 \n * Oracle JDK (Solaris Production Release) 1.6.0_37 \n * Oracle JDK (Solaris Production Release) 1.6.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_39 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update 40 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update1 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update10 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update11 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update13 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update15 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update17 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update2 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update21 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update25 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update3 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update4 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update5 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update6 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update7 \n * Oracle JDK (Solaris Production Release) 1.7.0 Update9 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_13 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.5.0_36 \n * Oracle JDK (Windows Production Release) 1.5.0_38 \n * Oracle JDK (Windows Production Release) 1.5.0_51 \n * Oracle JDK (Windows Production Release) 1.6.0_22 \n * Oracle JDK (Windows Production Release) 1.6.0_23 \n * Oracle JDK (Windows Production Release) 1.6.0_24 \n * Oracle JDK (Windows Production Release) 1.6.0_25 \n * Oracle JDK (Windows Production Release) 1.6.0_26 \n * Oracle JDK (Windows Production Release) 1.6.0_27 \n * Oracle JDK (Windows Production Release) 1.6.0_28 \n * Oracle JDK (Windows Production Release) 1.6.0_30 \n * Oracle JDK (Windows Production Release) 1.6.0_32 \n * Oracle JDK (Windows Production Release) 1.6.0_35 \n * Oracle JDK (Windows Production Release) 1.6.0_37 \n * Oracle JDK (Windows Production Release) 1.6.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_39 \n * Oracle JDK (Windows Production Release) 1.6.0_60 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_17 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_40 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK 1.5.0 \n * Oracle JDK(Linux Production Release) 1.5.0_40 \n * Oracle JDK(Linux Production Release) 1.5.0_41 \n * Oracle JDK(Linux Production Release) 1.5.0_45 \n * Oracle JDK(Linux Production Release) 1.5.0_51 \n * Oracle JDK(Linux Production Release) 1.5.0_55 \n * Oracle JDK(Linux Production Release) 1.5.0_61 \n * Oracle JDK(Linux Production Release) 1.6.0_37 \n * Oracle JDK(Linux Production Release) 1.6.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_41 \n * Oracle JDK(Linux Production Release) 1.6.0_43 \n * Oracle JDK(Linux Production Release) 1.6.0_45 \n * Oracle JDK(Linux Production Release) 1.6.0_60 \n * Oracle JDK(Linux Production Release) 1.6.0_65 \n * Oracle JDK(Linux Production Release) 1.6.0_71 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_13 \n * Oracle JDK(Linux Production Release) 1.7.0_14 \n * Oracle JDK(Linux Production Release) 1.7.0_15 \n * Oracle JDK(Linux Production Release) 1.7.0_17 \n * Oracle JDK(Linux Production Release) 1.7.0_21 \n * Oracle JDK(Linux Production Release) 1.7.0_25 \n * Oracle JDK(Linux Production Release) 1.7.0_40 \n * Oracle JDK(Linux Production Release) 1.7.0_45 \n * Oracle JDK(Linux Production Release) 1.7.0_51 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Linux Production Release) 1.8.0 \n * Oracle JDK(Solaris Production Release) 1.5.0_39 \n * Oracle JDK(Solaris Production Release) 1.5.0_40 \n * Oracle JDK(Solaris Production Release) 1.5.0_41 \n * Oracle JDK(Solaris Production Release) 1.5.0_45 \n * Oracle JDK(Solaris Production Release) 1.5.0_51 \n * Oracle JDK(Solaris Production Release) 1.5.0_55 \n * Oracle JDK(Solaris Production Release) 1.5.0_61 \n * Oracle JDK(Solaris Production Release) 1.6.0_39 \n * Oracle JDK(Solaris Production Release) 1.6.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_41 \n * Oracle JDK(Solaris Production Release) 1.6.0_43 \n * Oracle JDK(Solaris Production Release) 1.6.0_45 \n * Oracle JDK(Solaris Production Release) 1.6.0_60 \n * Oracle JDK(Solaris Production Release) 1.6.0_65 \n * Oracle JDK(Solaris Production Release) 1.6.0_71 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_14 \n * Oracle JDK(Solaris Production Release) 1.7.0_15 \n * Oracle JDK(Solaris Production Release) 1.7.0_17 \n * Oracle JDK(Solaris Production Release) 1.7.0_21 \n * Oracle JDK(Solaris Production Release) 1.7.0_25 \n * Oracle JDK(Solaris Production Release) 1.7.0_40 \n * Oracle JDK(Solaris Production Release) 1.7.0_45 \n * Oracle JDK(Solaris Production Release) 1.7.0_51 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.8.0 \n * Oracle JDK(Windows Production Release) 1.5.0_39 \n * Oracle JDK(Windows Production Release) 1.5.0_40 \n * Oracle JDK(Windows Production Release) 1.5.0_41 \n * Oracle JDK(Windows Production Release) 1.5.0_45 \n * Oracle JDK(Windows Production Release) 1.5.0_55 \n * Oracle JDK(Windows Production Release) 1.5.0_61 \n * Oracle JDK(Windows Production Release) 1.6.0_39 \n * Oracle JDK(Windows Production Release) 1.6.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_41 \n * Oracle JDK(Windows Production Release) 1.6.0_43 \n * Oracle JDK(Windows Production Release) 1.6.0_45 \n * Oracle JDK(Windows Production Release) 1.6.0_65 \n * Oracle JDK(Windows Production Release) 1.6.0_71 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_14 \n * Oracle JDK(Windows Production Release) 1.7.0_15 \n * Oracle JDK(Windows Production Release) 1.7.0_17 \n * Oracle JDK(Windows Production Release) 1.7.0_21 \n * Oracle JDK(Windows Production Release) 1.7.0_25 \n * Oracle JDK(Windows Production Release) 1.7.0_45 \n * Oracle JDK(Windows Production Release) 1.7.0_51 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.8.0 \n * Oracle JRE (Linux Production Release) 1.5.0_36 \n * Oracle JRE (Linux Production Release) 1.5.0_38 \n * Oracle JRE (Linux Production Release) 1.5.0_39 \n * Oracle JRE (Linux Production Release) 1.6.0_22 \n * Oracle JRE (Linux Production Release) 1.6.0_23 \n * Oracle JRE (Linux Production Release) 1.6.0_24 \n * Oracle JRE (Linux Production Release) 1.6.0_25 \n * Oracle JRE (Linux Production Release) 1.6.0_26 \n * Oracle JRE (Linux Production Release) 1.6.0_27 \n * Oracle JRE (Linux Production Release) 1.6.0_28 \n * Oracle JRE (Linux Production Release) 1.6.0_30 \n * Oracle JRE (Linux Production Release) 1.6.0_32 \n * Oracle JRE (Linux Production Release) 1.6.0_35 \n * Oracle JRE (Linux Production Release) 1.6.0_39 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_17 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_21 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 36 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 38 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 39 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 40 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 41 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 45 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 51 \n * Oracle JRE (Solaris Production Release) 1.5.0 Update 55 \n * Oracle JRE (Solaris Production Release) 1.5.0_36 \n * Oracle JRE (Solaris Production Release) 1.5.0_38 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 19 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 22 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 23 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 24 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 25 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 26 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 27 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 29 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 30 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 31 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 32 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 33 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 34 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 35 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 37 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 38 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 39 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 41 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 43 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 45 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 51 \n * Oracle JRE (Solaris Production Release) 1.6.0 Update 60 \n * Oracle JRE (Solaris Production Release) 1.6.0_22 \n * Oracle JRE (Solaris Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.6.0_43 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update 40 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update1 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update10 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update11 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update13 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update15 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update17 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update2 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update21 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update25 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update3 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update4 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update5 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update6 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update7 \n * Oracle JRE (Solaris Production Release) 1.7.0 Update9 \n * Oracle JRE (Solaris Production Release) 1.7.0_17 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.5.0_45 \n * Oracle JRE (Windows Production Release) 1.5.0_51 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_31 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_33 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_37 \n * Oracle JRE (Windows Production Release) 1.6.0_38 \n * Oracle JRE (Windows Production Release) 1.6.0_43 \n * Oracle JRE (Windows Production Release) 1.6.0_45 \n * Oracle JRE (Windows Production Release) 1.6.0_60 \n * Oracle JRE (Windows Production Release) 1.7.0_17 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_21 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_40 \n * Oracle JRE (Windows Production Release) 1.7.0_45 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE 1.5.0 Update 22 \n * Oracle JRE 1.6.0 Update 34 \n * Oracle JRE 1.6.0 Update 35 \n * Oracle JRE 1.6.0 Update 41 \n * Oracle JRE 1.6.0 Update 65 \n * Oracle JRE 1.7 Update 10 \n * Oracle JRE 1.7.0 \n * Oracle JRE 1.7.0 Update 1 \n * Oracle JRE 1.7.0 Update 10 \n * Oracle JRE 1.7.0 Update 11 \n * Oracle JRE 1.7.0 Update 12 \n * Oracle JRE 1.7.0 Update 13 \n * Oracle JRE 1.7.0 Update 14 \n * Oracle JRE 1.7.0 Update 15 \n * Oracle JRE 1.7.0 Update 2 \n * Oracle JRE 1.7.0 Update 20 \n * Oracle JRE 1.7.0 Update 21 \n * Oracle JRE 1.7.0 Update 25 \n * Oracle JRE 1.7.0 Update 3 \n * Oracle JRE 1.7.0 Update 4 \n * Oracle JRE 1.7.0 Update 45 \n * Oracle JRE 1.7.0 Update 5 \n * Oracle JRE 1.7.0 Update 6 \n * Oracle JRE 1.7.0 Update 7 \n * Oracle JRE 1.7.0 Update 8 \n * Oracle JRE 1.7.0 Update 9 \n * Oracle JRE 6 update 39 \n * Oracle JRE(Linux Production Release) 1.5.0_40 \n * Oracle JRE(Linux Production Release) 1.5.0_41 \n * Oracle JRE(Linux Production Release) 1.5.0_45 \n * Oracle JRE(Linux Production Release) 1.5.0_51 \n * Oracle JRE(Linux Production Release) 1.5.0_55 \n * Oracle JRE(Linux Production Release) 1.5.0_61 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_41 \n * Oracle JRE(Linux Production Release) 1.6.0_43 \n * Oracle JRE(Linux Production Release) 1.6.0_45 \n * Oracle JRE(Linux Production Release) 1.6.0_60 \n * Oracle JRE(Linux Production Release) 1.6.0_65 \n * Oracle JRE(Linux Production Release) 1.6.0_71 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_13 \n * Oracle JRE(Linux Production Release) 1.7.0_14 \n * Oracle JRE(Linux Production Release) 1.7.0_15 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n * Oracle JRE(Linux Production Release) 1.7.0_25 \n * Oracle JRE(Linux Production Release) 1.7.0_40 \n * Oracle JRE(Linux Production Release) 1.7.0_45 \n * Oracle JRE(Linux Production Release) 1.7.0_51 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Linux Production Release) 1.8.0 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_40 \n * Oracle JRE(Solaris Production Release) 1.5.0_41 \n * Oracle JRE(Solaris Production Release) 1.5.0_45 \n * Oracle JRE(Solaris Production Release) 1.5.0_51 \n * Oracle JRE(Solaris Production Release) 1.5.0_55 \n * Oracle JRE(Solaris Production Release) 1.5.0_61 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_41 \n * Oracle JRE(Solaris Production Release) 1.6.0_43 \n * Oracle JRE(Solaris Production Release) 1.6.0_45 \n * Oracle JRE(Solaris Production Release) 1.6.0_60 \n * Oracle JRE(Solaris Production Release) 1.6.0_65 \n * Oracle JRE(Solaris Production Release) 1.6.0_71 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_12 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_14 \n * Oracle JRE(Solaris Production Release) 1.7.0_15 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_21 \n * Oracle JRE(Solaris Production Release) 1.7.0_25 \n * Oracle JRE(Solaris Production Release) 1.7.0_40 \n * Oracle JRE(Solaris Production Release) 1.7.0_45 \n * Oracle JRE(Solaris Production Release) 1.7.0_51 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.8.0 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_40 \n * Oracle JRE(Windows Production Release) 1.5.0_41 \n * Oracle JRE(Windows Production Release) 1.5.0_55 \n * Oracle JRE(Windows Production Release) 1.5.0_61 \n * Oracle JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_40 \n * Oracle JRE(Windows Production Release) 1.6.0_41 \n * Oracle JRE(Windows Production Release) 1.6.0_43 \n * Oracle JRE(Windows Production Release) 1.6.0_65 \n * Oracle JRE(Windows Production Release) 1.6.0_71 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_14 \n * Oracle JRE(Windows Production Release) 1.7.0_15 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_25 \n * Oracle JRE(Windows Production Release) 1.7.0_45 \n * Oracle JRE(Windows Production Release) 1.7.0_51 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.8.0 \n * Oracle Java JRE 1.5 \n * Oracle Java JRE 1.5.0.15 \n * Oracle Java JRE 1.6.0_37 \n * Oracle Java JRE 7 Update 51 \n * Oracle Java SE Embedded 7u25 \n * Oracle Java SE Embedded 7u40 \n * Oracle Java SE Embedded 7u45 \n * Oracle Java SE Embedded 7u51 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux Desktop Workstation 5 Client \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Resilient Storage EUS 6.5.z \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Server EUS 6.5.z \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Slackware Linux 13.0 \n * Slackware Linux 13.1 \n * Slackware Linux 13.37 \n * Slackware Linux 14.0 \n * Slackware Linux 14.1 \n * SuSE Linux Enterprise Server 11 SP2 LTSS \n * SuSE Manager (for SLE 11 SP2) 1.7 \n * SuSE SUSE Linux Enterprise Java 11 SP3 \n * SuSE SUSE Linux Enterprise Server 10 SP3 LTSS \n * SuSE SUSE Linux Enterprise Server 10 SP4 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP1 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP3 \n * SuSE SUSE Linux Enterprise Server 11 SP3 for VMware \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP3 \n * SuSE Suse Linux Enterprise Desktop 11 SP3 \n * SuSE openSUSE 11.4 \n * SuSE openSUSE 12.2 \n * SuSE openSUSE 12.3 \n * SuSE openSUSE 13.1 \n * Ubuntu Ubuntu Linux 10.04.LTS \n * Ubuntu Ubuntu Linux 12.04 LTS \n * Ubuntu Ubuntu Linux 12.10 \n * Ubuntu Ubuntu Linux 13.04 \n * Ubuntu Ubuntu Linux 13.10 \n * VMWare Vcenter Update Manager 5.5 \n * VMWare vCenter Server 5.5 \n * libjpeg libjpeg \n * libjpeg-turbo libjpeg-turbo \n * openSUSE openSUSE 12.3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nEnsure that all nonadministrative tasks, such as browsing the web and reading email, are performed as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from a successful exploit.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nTo prevent a successful exploit of script-execution vulnerabilities, disable support for script code and active content within the client browser. Note that this tactic might adversely affect websites that rely on HTML or script code.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit memory corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2013-11-12T00:00:00", "published": "2013-11-12T00:00:00", "id": "SMNTC-63676", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/63676", "type": "symantec", "title": "libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2926", "CVE-2013-2925", "CVE-2013-2927", "CVE-2013-2928"], "edition": 1, "description": "\nGoogle Chrome Releases reports:\n\n5 security fixes in this release, including:\n\n[292422] High CVE-2013-2925: Use after free in XHR. Credit to\n\t Atte Kettunen of OUSPG.\n[294456] High CVE-2013-2926: Use after free in editing. Credit\n\t to cloudfuzzer.\n[297478] High CVE-2013-2927: Use after free in forms. Credit\n\t to cloudfuzzer.\n[305790] High CVE-2013-2928: Various fixes from internal\n\t audits, fuzzing and other initiatives.\n\n\n", "modified": "2013-10-15T00:00:00", "published": "2013-10-15T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/710cd5d5-35cb-11e3-85f9-00262d5ed8ee.html", "id": "710CD5D5-35CB-11E3-85F9-00262D5ED8EE", "title": "chromium -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2020-06-22T11:42:23", "bulletinFamily": "info", "cvelist": ["CVE-2013-5228"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebCore::DocumentOrderedMap objects. By manipulating a document's elements an attacker can free arbitrary memory and force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2013-06-22T00:00:00", "published": "2013-12-20T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-13-286/", "id": "ZDI-13-286", "title": "(Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-22T11:40:47", "bulletinFamily": "info", "cvelist": ["CVE-2014-1290"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of isindex elements. The issue lies in setting attributes to invalid values. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2014-06-22T00:00:00", "published": "2014-04-03T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-057/", "id": "ZDI-14-057", "title": "Apple Mobile Safari isindex Use-After-Free Remote Code Execution Vulnerability ", "type": "zdi", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:02", "description": "", "published": "2014-03-11T00:00:00", "type": "packetstorm", "title": "Apple Facetime Information Disclosure", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6835"], "modified": "2014-03-11T00:00:00", "id": "PACKETSTORM:125659", "href": "https://packetstormsecurity.com/files/125659/Apple-Facetime-Information-Disclosure.html", "sourceData": "` \n- Affected Vendor: https://www.apple.com/ \n- Affected Software: Safari/Facetime on iOS \n- Affected Version: iOS 7 prior to 7.1 \n- Issue Type: Lack of user confirmation leading to a call being established, revealing the user's identity (phone number or email address) \n- Release Date: March 10, 2014 \n- Discovered by: Guillaume Ross / @gepeto42 \n- CVE Identifier: CVE-2013-6835 \n- Issue Status: Vendor has published iOS 7.1 which resolves this issue by adding a prompt before establishing the call. \n \n**Summary** \n \nFacetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. \nThe URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site. \n \nBy entering the URL in an inline frame, the attack is automated, and similar to a CSRF attack across apps. Safari does not prompt the user before establishing the call. \n \n**Impact** \n \nA user browsing the web could click a malicious link or load a page containing a malicious link within an inline frame. The user would then automatically contact the phone number or email address specified in the URL, revealing his identity to the attacker. \n \n**Proof of Concept** \n \nEntering the following URL in iOS would trigger the call to the email address specified: facetime-audio://user@host.com \n \nThis inline frame would have the user call the specified email address as soon as the HTML page is loaded, without prompting the user: \n \n<iframe src=\"facetime-audio://user@host.com\"></iframe> \n \nSecurity Content of iOS 7.1: http://support.apple.com/kb/HT6162 \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/125659/applefacetime-disclose.txt"}, {"lastseen": "2016-12-05T22:25:13", "description": "", "published": "2014-03-14T00:00:00", "type": "packetstorm", "title": "iOS 7 Arbitrary Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1287"], "modified": "2014-03-14T00:00:00", "id": "PACKETSTORM:125727", "href": "https://packetstormsecurity.com/files/125727/iOS-7-Arbitrary-Code-Execution.html", "sourceData": "`~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nVulnerability Summary \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nTitle iOS 7 arbitrary code execution in kernel mode \nRelease Date 14 March 2014 \nReference NGS00596 \nDiscoverer Andy Davis \nVendor Apple \nVendor Reference 600217059 \nSystems Affected iPhone 4 and later, iPod touch (5th generation) and later, \niPad 2 and later \nCVE Reference CVE-2014-1287 \nRisk High \nStatus Fixed \n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nResolution Timeline \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nDiscovered 26 September 2013 \nReported 26 September 2013 \nReleased 26 September 2013 \nFixed 10 March 2014 \nPublished 14 March 2014 \n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nVulnerability Description \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nWhen a specific value is supplied in USB Endpoint descriptor for a HID device \nthe Apple device kernel panics and reboots \n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nTechnical Details \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nThe bug can be triggered using umap (https://github.com/nccgroup/umap) \nas follows: \n \nsudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46 \n \nbMaxPacketSize = 0xff \n \nIncident Identifier: F0856C91-7616-4DAC-9907-C504401D9951 \nCrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b \nHardware Model: iPhone3,1 \nDate/Time: 2013-09-26 12:35:46.892 +0100 \nOS Version: iOS 7.0 (11A465) \n \npanic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1, \nfault_addr=0x28 \nr0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe \nr4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78 \nr8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001 \nr12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8 \ncpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028 \n \nDebugger message: panic \nOS version: 11A465 \nKernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; \nroot:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X \niBoot version: iBoot-1940.1.75 \nsecure boot?: YES \nPaniclog version: 1 \nKernel slide: 0x0000000008200000 \nKernel text base: 0x88201000 \nEpoch Time: sec usec \nBoot : 0x52441b69 0x00000000 \nSleep : 0x00000000 0x00000000 \nWake : 0x00000000 0x00000000 \nCalendar: 0x52441bb5 0x00056497 \n \nPanicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task \npanicked thread: 0x8023de90, backtrace: 0x87ff3a48 \nlr: 0x88317889 fp: 0x87ff3a7c \nlr: 0x883181f7 fp: 0x87ff3ab0 \nlr: 0x882b783b fp: 0x87ff3ad4 \nlr: 0x882220a5 fp: 0x87ff3ba0 \nlr: 0x8821c7c4 fp: 0x87ff3d78 \nlr: 0x88af8687 fp: 0x87ff3da8 \nlr: 0x8828b5bd fp: 0x87ff3dd0 \nlr: 0x889d6d29 fp: 0x87ff3df0 \nlr: 0x889da2f3 fp: 0x87ff3e18 \nlr: 0x8828b5bd fp: 0x87ff3e40 \nlr: 0x889da14f fp: 0x87ff3e7c \nlr: 0x88acb8e7 fp: 0x87ff3eb8 \nlr: 0x88ac9815 fp: 0x87ff3ed4 \nlr: 0x884b24d3 fp: 0x87ff3f60 \nlr: 0x882cf869 fp: 0x87ff3fa8 \nlr: 0x8821f05c fp: 0x00000000 \n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nFix Information \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nA patch can be downloaded from the following location: \nhttp://support.apple.com/kb/HT1222 \n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \nNCC Group \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. \n \nResearch https://www.nccgroup.com/research \nTwitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec \nOpen Source https://github.com/nccgroup \nBlog https://www.nccgroup.com/en/blog/cyber-security/ \nSlideShare http://www.slideshare.net/NCC_Group/ \n \n \nFor more information please visit <a href=\"http://www.mimecast.com\">http://www.mimecast.com<br> \nThis email message has been delivered safely and archived online by Mimecast. \n</a> \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/125727/ios7-exec.txt"}], "exploitdb": [{"lastseen": "2016-02-04T09:32:09", "description": "Apple iOS 4.2.1 'facetime-audio://' Security Bypass Vulnerability. CVE-2013-6835. Remote exploit for ios platform", "published": "2014-03-10T00:00:00", "type": "exploitdb", "title": "Apple iOS <= 4.2.1 'facetime-audio://' Security Bypass Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6835"], "modified": "2014-03-10T00:00:00", "id": "EDB-ID:39114", "href": "https://www.exploit-db.com/exploits/39114/", "sourceData": "source: http://www.securityfocus.com/bid/66108/info\r\n\r\nApple iOS is affected by a security-bypass vulnerability.\r\n\r\nSuccessfully exploiting this issue may allow an attacker to bypass certain security warnings. This may aid in further attacks.\r\n\r\nThese issues affect Apple iOS versions prior to 7.1.\r\n\r\n<iframe src=\"facetime-audio://user () host com\"></iframe> ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/39114/"}, {"lastseen": "2016-02-03T16:44:55", "description": "iOS 7 - Kernel Mode Memory Corruption. CVE-2014-1287. Dos exploit for ios platform", "published": "2014-03-17T00:00:00", "type": "exploitdb", "title": "iOS 7 - Kernel Mode Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1287"], "modified": "2014-03-17T00:00:00", "id": "EDB-ID:32333", "href": "https://www.exploit-db.com/exploits/32333/", "sourceData": "~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Vulnerability Summary\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Title iOS 7 arbitrary code execution in kernel mode\r\n Release Date 14 March 2014\r\n Reference NGS00596\r\n Discoverer Andy Davis \r\n Vendor Apple\r\n Vendor Reference 600217059\r\n Systems Affected iPhone 4 and later, iPod touch (5th generation) and later, \r\n iPad 2 and later\r\n CVE Reference CVE-2014-1287\r\n Risk High\r\n Status Fixed\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Resolution Timeline\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Discovered 26 September 2013\r\n Reported 26 September 2013\r\n Released 26 September 2013\r\n Fixed 10 March 2014\r\n Published 14 March 2014\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Vulnerability Description \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n When a specific value is supplied in USB Endpoint descriptor for a HID device \r\n the Apple device kernel panics and reboots\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Technical Details\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n The bug can be triggered using umap (https://github.com/nccgroup/umap)\r\n as follows:\r\n\r\n sudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46\r\n\r\n bMaxPacketSize = 0xff\r\n\r\n Incident Identifier: F0856C91-7616-4DAC-9907-C504401D9951\r\n CrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b\r\n Hardware Model: iPhone3,1\r\n Date/Time: 2013-09-26 12:35:46.892 +0100\r\n OS Version: iOS 7.0 (11A465)\r\n\r\n panic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1, \r\n fault_addr=0x28\r\n r0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe\r\n r4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78\r\n r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001\r\n r12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8\r\n cpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028\r\n\r\n Debugger message: panic\r\n OS version: 11A465\r\n Kernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; \r\n root:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X\r\n iBoot version: iBoot-1940.1.75\r\n secure boot?: YES\r\n Paniclog version: 1\r\n Kernel slide: 0x0000000008200000\r\n Kernel text base: 0x88201000\r\n Epoch Time: sec usec\r\n Boot : 0x52441b69 0x00000000\r\n Sleep : 0x00000000 0x00000000\r\n Wake : 0x00000000 0x00000000\r\n Calendar: 0x52441bb5 0x00056497\r\n\r\n Panicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task\r\n panicked thread: 0x8023de90, backtrace: 0x87ff3a48\r\n lr: 0x88317889 fp: 0x87ff3a7c\r\n lr: 0x883181f7 fp: 0x87ff3ab0\r\n lr: 0x882b783b fp: 0x87ff3ad4\r\n lr: 0x882220a5 fp: 0x87ff3ba0\r\n lr: 0x8821c7c4 fp: 0x87ff3d78\r\n lr: 0x88af8687 fp: 0x87ff3da8\r\n lr: 0x8828b5bd fp: 0x87ff3dd0\r\n lr: 0x889d6d29 fp: 0x87ff3df0\r\n lr: 0x889da2f3 fp: 0x87ff3e18\r\n lr: 0x8828b5bd fp: 0x87ff3e40\r\n lr: 0x889da14f fp: 0x87ff3e7c\r\n lr: 0x88acb8e7 fp: 0x87ff3eb8\r\n lr: 0x88ac9815 fp: 0x87ff3ed4\r\n lr: 0x884b24d3 fp: 0x87ff3f60\r\n lr: 0x882cf869 fp: 0x87ff3fa8\r\n lr: 0x8821f05c fp: 0x00000000\r\n\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Fix Information\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n A patch can be downloaded from the following location:\r\n http://support.apple.com/kb/HT1222\r\n \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n NCC Group\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n\r\n Research https://www.nccgroup.com/research\r\n Twitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec\r\n Open Source https://github.com/nccgroup\r\n Blog https://www.nccgroup.com/en/blog/cyber-security/\r\n SlideShare http://www.slideshare.net/NCC_Group/\r\n\r\n\r\nFor more information please visit <a href=\"http://www.mimecast.com\">http://www.mimecast.com<br>\r\nThis email message has been delivered safely and archived online by Mimecast.", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32333/"}], "zdt": [{"lastseen": "2018-03-02T01:35:24", "edition": 2, "description": "Apple TV had an issue where it was logging a user's Apple ID and password via debug output in logs.", "published": "2014-03-11T00:00:00", "type": "zdt", "title": "Apple TV Touch Password Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-6835"], "modified": "2014-03-11T00:00:00", "id": "1337DAY-ID-22015", "href": "https://0day.today/exploit/description/22015", "sourceData": "- Affected Vendor: https://www.apple.com/\r\n- Affected Software: Safari/Facetime on iOS\r\n- Affected Version: iOS 7 prior to 7.1 \r\n- Issue Type: Lack of user confirmation leading to a call being established, revealing the user's identity (phone number or email address)\r\n- Release Date: March 10, 2014\r\n- Discovered by: Guillaume Ross / @gepeto42\r\n- CVE Identifier: CVE-2013-6835\r\n- Issue Status: Vendor has published iOS 7.1 which resolves this issue by adding a prompt before establishing the call.\r\n\r\n**Summary**\r\n\r\nFacetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. \r\nThe URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site.\r\n\r\nBy entering the URL in an inline frame, the attack is automated, and similar to a CSRF attack across apps. Safari does not prompt the user before establishing the call.\r\n\r\n**Impact**\r\n\r\nA user browsing the web could click a malicious link or load a page containing a malicious link within an inline frame. The user would then automatically contact the phone number or email address specified in the URL, revealing his identity to the attacker.\r\n\r\n**Proof of Concept**\r\n\r\nEntering the following URL in iOS would trigger the call to the email address specified: facetime-audio://[email\u00a0protected]\r\n\r\nThis inline frame would have the user call the specified email address as soon as the HTML page is loaded, without prompting the user:\r\n\r\n <iframe src=\"facetime-audio://[email\u00a0protected]\"></iframe>\r\n\r\nSecurity Content of iOS 7.1: http://support.apple.com/kb/HT6162\n\n# 0day.today [2018-03-01] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://0day.today/exploit/22015"}, {"lastseen": "2018-01-05T15:18:05", "edition": 2, "description": "When a specific value is supplied in USB Endpoint descriptor for a HID device \r the Apple device kernel panics and reboots", "published": "2014-03-17T00:00:00", "type": "zdt", "title": "iOS 7 - Kernel Mode Memory Corruption Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1287"], "modified": "2014-03-17T00:00:00", "id": "1337DAY-ID-22035", "href": "https://0day.today/exploit/description/22035", "sourceData": "Vulnerability Description \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n \r\n When a specific value is supplied in USB Endpoint descriptor for a HID device \r\n the Apple device kernel panics and reboots\r\n \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Technical Details\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n \r\n The bug can be triggered using umap (https://github.com/nccgroup/umap)\r\n as follows:\r\n \r\n sudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46\r\n \r\n bMaxPacketSize = 0xff\r\n \r\n Incident Identifier: F0856C91-7616-4DAC-9907-C504401D9951\r\n CrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b\r\n Hardware Model: iPhone3,1\r\n Date/Time: 2013-09-26 12:35:46.892 +0100\r\n OS Version: iOS 7.0 (11A465)\r\n \r\n panic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1, \r\n fault_addr=0x28\r\n r0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe\r\n r4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78\r\n r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001\r\n r12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8\r\n cpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028\r\n \r\n Debugger message: panic\r\n OS version: 11A465\r\n Kernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; \r\n root:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X\r\n iBoot version: iBoot-1940.1.75\r\n secure boot?: YES\r\n Paniclog version: 1\r\n Kernel slide: 0x0000000008200000\r\n Kernel text base: 0x88201000\r\n Epoch Time: sec usec\r\n Boot : 0x52441b69 0x00000000\r\n Sleep : 0x00000000 0x00000000\r\n Wake : 0x00000000 0x00000000\r\n Calendar: 0x52441bb5 0x00056497\r\n \r\n Panicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task\r\n panicked thread: 0x8023de90, backtrace: 0x87ff3a48\r\n lr: 0x88317889 fp: 0x87ff3a7c\r\n lr: 0x883181f7 fp: 0x87ff3ab0\r\n lr: 0x882b783b fp: 0x87ff3ad4\r\n lr: 0x882220a5 fp: 0x87ff3ba0\r\n lr: 0x8821c7c4 fp: 0x87ff3d78\r\n lr: 0x88af8687 fp: 0x87ff3da8\r\n lr: 0x8828b5bd fp: 0x87ff3dd0\r\n lr: 0x889d6d29 fp: 0x87ff3df0\r\n lr: 0x889da2f3 fp: 0x87ff3e18\r\n lr: 0x8828b5bd fp: 0x87ff3e40\r\n lr: 0x889da14f fp: 0x87ff3e7c\r\n lr: 0x88acb8e7 fp: 0x87ff3eb8\r\n lr: 0x88ac9815 fp: 0x87ff3ed4\r\n lr: 0x884b24d3 fp: 0x87ff3f60\r\n lr: 0x882cf869 fp: 0x87ff3fa8\r\n lr: 0x8821f05c fp: 0x00000000\r\n \r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n Fix Information\r\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\r\n \r\n A patch can be downloaded from the following location:\r\n http://support.apple.com/kb/HT1222\n\n# 0day.today [2018-01-05] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22035"}], "exploitpack": [{"lastseen": "2020-04-01T19:05:59", "description": "\niOS 7 - Kernel Mode Memory Corruption", "edition": 1, "published": "2014-03-17T00:00:00", "title": "iOS 7 - Kernel Mode Memory Corruption", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1287"], "modified": "2014-03-17T00:00:00", "id": "EXPLOITPACK:00938B19CD6D4E016B1143AB61A69BCA", "href": "", "sourceData": "~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n Vulnerability Summary\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n Title iOS 7 arbitrary code execution in kernel mode\n Release Date 14 March 2014\n Reference NGS00596\n Discoverer Andy Davis \n Vendor Apple\n Vendor Reference 600217059\n Systems Affected iPhone 4 and later, iPod touch (5th generation) and later, \n iPad 2 and later\n CVE Reference CVE-2014-1287\n Risk High\n Status Fixed\n\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n Resolution Timeline\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n Discovered 26 September 2013\n Reported 26 September 2013\n Released 26 September 2013\n Fixed 10 March 2014\n Published 14 March 2014\n\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n Vulnerability Description \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n When a specific value is supplied in USB Endpoint descriptor for a HID device \n the Apple device kernel panics and reboots\n\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n Technical Details\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n The bug can be triggered using umap (https://github.com/nccgroup/umap)\n as follows:\n\n sudo python3 ./umap.py -P /dev/ttyUSB0 -s 09:00:00:E:46\n\n bMaxPacketSize = 0xff\n\n Incident Identifier: F0856C91-7616-4DAC-9907-C504401D9951\n CrashReporter Key: 7ed804add6a0507b6a8ca9625f0bcd14abc6801b\n Hardware Model: iPhone3,1\n Date/Time: 2013-09-26 12:35:46.892 +0100\n OS Version: iOS 7.0 (11A465)\n\n panic(cpu 0 caller 0x882220a5): kernel abort type 4: fault_type=0x1, \n fault_addr=0x28\n r0: 0x00000003 r1: 0x889e70bd r2: 0x00000012 r3: 0xfffffffe\n r4: 0x9ae83000 r5: 0x00000003 r6: 0x00000000 r7: 0x87ff3d78\n r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001\n r12: 0x87ff3d50 sp: 0x87ff3d10 lr: 0x88af52bf pc: 0x88af51f8\n cpsr: 0x80000033 fsr: 0x00000005 far: 0x00000028\n\n Debugger message: panic\n OS version: 11A465\n Kernel version: Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; \n root:xnu-2423.1.73~3/RELEASE_ARM_S5L8930X\n iBoot version: iBoot-1940.1.75\n secure boot?: YES\n Paniclog version: 1\n Kernel slide: 0x0000000008200000\n Kernel text base: 0x88201000\n Epoch Time: sec usec\n Boot : 0x52441b69 0x00000000\n Sleep : 0x00000000 0x00000000\n Wake : 0x00000000 0x00000000\n Calendar: 0x52441bb5 0x00056497\n\n Panicked task 0x896f8d48: 12856 pages, 114 threads: pid 0: kernel_task\n panicked thread: 0x8023de90, backtrace: 0x87ff3a48\n lr: 0x88317889 fp: 0x87ff3a7c\n lr: 0x883181f7 fp: 0x87ff3ab0\n lr: 0x882b783b fp: 0x87ff3ad4\n lr: 0x882220a5 fp: 0x87ff3ba0\n lr: 0x8821c7c4 fp: 0x87ff3d78\n lr: 0x88af8687 fp: 0x87ff3da8\n lr: 0x8828b5bd fp: 0x87ff3dd0\n lr: 0x889d6d29 fp: 0x87ff3df0\n lr: 0x889da2f3 fp: 0x87ff3e18\n lr: 0x8828b5bd fp: 0x87ff3e40\n lr: 0x889da14f fp: 0x87ff3e7c\n lr: 0x88acb8e7 fp: 0x87ff3eb8\n lr: 0x88ac9815 fp: 0x87ff3ed4\n lr: 0x884b24d3 fp: 0x87ff3f60\n lr: 0x882cf869 fp: 0x87ff3fa8\n lr: 0x8821f05c fp: 0x00000000\n\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n Fix Information\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n A patch can be downloaded from the following location:\n http://support.apple.com/kb/HT1222\n \n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n NCC Group\n~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.\n\n Research https://www.nccgroup.com/research\n Twitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec\n Open Source https://github.com/nccgroup\n Blog https://www.nccgroup.com/en/blog/cyber-security/\n SlideShare http://www.slideshare.net/NCC_Group/\n\n\nFor more information please visit <a href=\"http://www.mimecast.com\">http://www.mimecast.com<br>\nThis email message has been delivered safely and archived online by Mimecast.", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:50:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2931", "CVE-2013-2926", "CVE-2013-6631", "CVE-2013-6626", "CVE-2013-6627", "CVE-2013-2925", "CVE-2013-6625", "CVE-2013-6621", "CVE-2013-6624", "CVE-2013-6628", "CVE-2013-6630", "CVE-2013-2927", "CVE-2013-6632", "CVE-2013-6622", "CVE-2013-6623", "CVE-2013-6629", "CVE-2013-2928"], "description": "Security and bugfix update to Chromium 31.0.1650.57\n\n - Update to Chromium 31.0.1650.57:\n - Security Fixes:\n * CVE-2013-6632: Multiple memory corruption issues.\n\n - Update to Chromium 31.0.1650.48 Stable Channel update:\n - Security fixes:\n * CVE-2013-6621: Use after free related to speech input\n elements..\n * CVE-2013-6622: Use after free related to media\n elements.\n * CVE-2013-6623: Out of bounds read in SVG.\n * CVE-2013-6624: Use after free related to \u00c3\u00a2\u00c2\u0080\u00c2\u009cid\u00c3\u00a2\u00c2\u0080\u00c2\u009d\n attribute strings.\n * CVE-2013-6625: Use after free in DOM ranges.\n * CVE-2013-6626: Address bar spoofing related to\n interstitial warnings.\n * CVE-2013-6627: Out of bounds read in HTTP parsing.\n * CVE-2013-6628: Issue with certificates not being\n checked during TLS renegotiation.\n * CVE-2013-2931: Various fixes from internal audits,\n fuzzing and other initiatives.\n * CVE-2013-6629: Read of uninitialized memory in\n libjpeg and libjpeg-turbo.\n * CVE-2013-6630: Read of uninitialized memory in\n libjpeg-turbo.\n * CVE-2013-6631: Use after free in libjingle.\n\n - Stable Channel update: fix build for 32bit systems\n\n - Update to Chromium 30.0.1599.101\n - Security Fixes:\n + CVE-2013-2925: Use after free in XHR\n + CVE-2013-2926: Use after free in editing\n + CVE-2013-2927: Use after free in forms.\n + CVE-2013-2928: Various fixes from internal audits,\n fuzzing and other initiatives.\n - Enable ARM build for Chromium.\n\n", "edition": 1, "modified": "2013-11-27T20:04:13", "published": "2013-11-27T20:04:13", "id": "OPENSUSE-SU-2013:1776-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html", "type": "suse", "title": "chromium: 31.0.1650.57 version update (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}