Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

2020-11-10T21:12:21

Description

Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, [112 vulnerabilities were patched by Microsoft](<https://msrc.microsoft.com/update-guide/>), with 93 rated important, and two rated low in severity. Tracked as [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was [disclosed by Google Project Zero](<https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/>), which reported the flaw was being exploited in the wild alongside a Google Chrome flaw (CVE-2020-15999) – which had been patched on Oct. 20. [![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>) Microsoft rated the vulnerability (CVE-2020-17087) as important in severity, likely because an attacker interested in exploiting the bug would need to have physical access to the various installs of Windows Server, Windows 10/RT/8.1/7 impacted by the flaw. [According to Google](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), the bug has to do with the way the Windows Kernel Cryptography Driver (cng.sys) processes input/output control (IOCTL) in a way that cannot be expressed by regular system calls. ## **Most Severe** “One of the most critical vulnerabilities patched this Tuesday is CVE-2020-17051, a remote code execution (RCE) vulnerability found in Windows’ Network File System (NFS),” wrote Chris Hass, director of information security and research at Automox, in his Patch Tuesday analysis. He explained, the bug is particularly concerning “because Windows’ NFS is essentially a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.” “As you can imagine, with the functionality this service provides, attackers have been taking advantage of it to gain access to critical systems for a long time. It won’t be long before we see scanning of port 2049 increase over the next few days, with exploitation in the wild likely to follow,” he wrote. Automox researchers also suggested SysAdmins prioritize patches for a pair of critical memory corruption vulnerabilities in Microsoft’s Scripting Engine and Internet Explorer. Both (CVE-2020-17052, CVE-2020-17053) could lead to remote code execution. “A likely attack scenario would be to embed a malicious link in a phishing email that the victim would click to lead to a compromised landing page hosting the exploit,” Hass wrote. ## **Descriptions Removed from Patch Tuesday Bulletin** For many Patch-Tuesday veterans, it won’t go unnoticed that starting with November’s bulletin Microsoft removed the description section of the CVE overviews. The new approach was announced on Monday by the [Microsoft Security Response Center](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>). It describes a heavier reliance on the industry standard Common Vulnerability Scoring System (CVSS) to provide more generalized vulnerability information for Patch Tuesday security bulletins. “This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.,” [Microsoft wrote](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>). For Zero Day Initiative’s Dustin Childs, the new approach makes sense. He said, in many cases, “an accurate CVSS is really all you need. After all, there’s only so much you can say about another SharePoint cross-site scripting (XSS) bug or a local privilege escalation that requires you to log on and run a specially crafted program. However, CVSS itself is not flawless.” Tenable’s chief security officer, Bob Huber wasn’t as generous. ” “Microsoft’s decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organizations of the business risk a particular flaw poses to them,” he wrote. He argued that the new format was a blow to security and boon to adversaries. “End-users [will be] completely blind to how a particular CVE impacts them. What’s more, this makes it nearly impossible to determine the urgency of a given patch. It’s difficult to understand the benefits to end-users.” Huber added: “However, it’s not too difficult to see how this new format benefits bad actors. They’ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts.” [![2020 Healthcare Cybersecurity Priorities: Data Security, Ransomware and Patching](https://media.threatpost.com/wp-content/uploads/sites/103/2020/11/09142139/Healthcare_Promo_Webinar.jpg)](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar>) **Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**

{"id": "THREATPOST:D48D061BB27415A9A171838BA457EB0E", "type": "threatpost", "bulletinFamily": "info", "title": "Microsoft Patch Tuesday Update Fixes 17 Critical Bugs", "description": "Microsoft\u2019s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft\u2019s 17 critical patches were tied to RCE bugs. In all, [112 vulnerabilities were patched by Microsoft](<https://msrc.microsoft.com/update-guide/>), with 93 rated important, and two rated low in severity.\n\nTracked as [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), one Windows kernel local elevation of privilege vulnerability was red-flagged by Microsoft as being actively exploited in the wild. Last week, the bug was [disclosed by Google Project Zero](<https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/>), which reported the flaw was being exploited in the wild alongside a Google Chrome flaw (CVE-2020-15999) \u2013 which had been patched on Oct. 20. \n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>) \nMicrosoft rated the vulnerability (CVE-2020-17087) as important in severity, likely because an attacker interested in exploiting the bug would need to have physical access to the various installs of Windows Server, Windows 10/RT/8.1/7 impacted by the flaw. [According to Google](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), the bug has to do with the way the Windows Kernel Cryptography Driver (cng.sys) processes input/output control (IOCTL) in a way that cannot be expressed by regular system calls.\n\n## **Most Severe**\n\n\u201cOne of the most critical vulnerabilities patched this Tuesday is CVE-2020-17051, a remote code execution (RCE) vulnerability found in Windows\u2019 Network File System (NFS),\u201d wrote Chris Hass, director of information security and research at Automox, in his Patch Tuesday analysis.\n\nHe explained, the bug is particularly concerning \u201cbecause Windows\u2019 NFS is essentially a client/server system that allows users to access files across a network and treat them as if they resided in a local file directory.\u201d\n\n\u201cAs you can imagine, with the functionality this service provides, attackers have been taking advantage of it to gain access to critical systems for a long time. It won\u2019t be long before we see scanning of port 2049 increase over the next few days, with exploitation in the wild likely to follow,\u201d he wrote.\n\nAutomox researchers also suggested SysAdmins prioritize patches for a pair of critical memory corruption vulnerabilities in Microsoft\u2019s Scripting Engine and Internet Explorer. Both (CVE-2020-17052, CVE-2020-17053) could lead to remote code execution.\n\n\u201cA likely attack scenario would be to embed a malicious link in a phishing email that the victim would click to lead to a compromised landing page hosting the exploit,\u201d Hass wrote.\n\n## **Descriptions Removed from Patch Tuesday Bulletin**\n\nFor many Patch-Tuesday veterans, it won\u2019t go unnoticed that starting with November\u2019s bulletin Microsoft removed the description section of the CVE overviews. The new approach was announced on Monday by the [Microsoft Security Response Center](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>). It describes a heavier reliance on the industry standard Common Vulnerability Scoring System (CVSS) to provide more generalized vulnerability information for Patch Tuesday security bulletins.\n\n\u201cThis is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.,\u201d [Microsoft wrote](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nFor Zero Day Initiative\u2019s Dustin Childs, the new approach makes sense. He said, in many cases, \u201can accurate CVSS is really all you need. After all, there\u2019s only so much you can say about another SharePoint cross-site scripting (XSS) bug or a local privilege escalation that requires you to log on and run a specially crafted program. However, CVSS itself is not flawless.\u201d\n\nTenable\u2019s chief security officer, Bob Huber wasn\u2019t as generous. \u201d\n\n\u201cMicrosoft\u2019s decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organizations of the business risk a particular flaw poses to them,\u201d he wrote.\n\nHe argued that the new format was a blow to security and boon to adversaries. \u201cEnd-users [will be] completely blind to how a particular CVE impacts them. What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users.\u201d\n\nHuber added: \u201cHowever, it\u2019s not too difficult to see how this new format benefits bad actors. They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts.\u201d\n\n[![2020 Healthcare Cybersecurity Priorities: Data Security, Ransomware and Patching](https://media.threatpost.com/wp-content/uploads/sites/103/2020/11/09142139/Healthcare_Promo_Webinar.jpg)](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar>)\n\n**Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**\n", "published": "2020-11-10T21:12:21", "modified": "2020-11-10T21:12:21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/", "reporter": "Tom Spring", "references": ["https://msrc.microsoft.com/update-guide/", "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087", "https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/", "https://threatpost.com/newsletter-sign/", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2104", "https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/", "https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/", "https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar", "https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar", "https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar", "https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar"], "cvelist": ["CVE-2020-15999", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17078", "CVE-2020-17087"], "lastseen": "2020-11-11T23:31:55", "viewCount": 126, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4952"]}, {"type": "amazon", "idList": ["ALAS2-2020-1565"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-01-01"]}, {"type": "archlinux", "idList": ["ASA-202010-10", "ASA-202010-11", "ASA-202011-12"]}, {"type": "attackerkb", "idList": ["AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "centos", "idList": ["CESA-2020:4907"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1069", "CPAI-2020-1158", "CPAI-2020-1159", "CPAI-2020-1165", "CPAI-2020-1175"]}, {"type": "chrome", "idList": ["GCSA-164021554802225166"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0"]}, {"type": "cve", "idList": ["CVE-2020-15999", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086", "CVE-2020-17087"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2415-1:46C29", "DEBIAN:DSA-4777-1:A4DA9", "DEBIAN:DSA-4777-1:E3B2F", "DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15999"]}, {"type": "fedora", "idList": ["FEDORA:53B8A30C6A0B", "FEDORA:6F705313E07A", "FEDORA:8B8553055E91"]}, {"type": "freebsd", "idList": ["458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "F4722927-1375-11EB-8711-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202010-07", "GLSA-202011-12", "GLSA-202012-04"]}, {"type": "github", "idList": ["GHSA-PV36-H7JH-QM62"]}, {"type": "githubexploit", "idList": ["29E9BCA7-54F3-559F-8592-052F7EC902DA", "6E74F3AA-DE31-51CF-AFCB-E689CEE7AC4A", "8AB7F240-396E-5E7F-8F3A-483C176C91EE", "D1090FCA-95F0-58E7-AD3C-CF926A704D6B"]}, {"type": "gitlab", "idList": ["GITLAB-0D82490E586EFE9A8135FB348CC1AD86", "GITLAB-6BE09606720F800C863D5D69D459E60F", "GITLAB-8F1B32BA01379FD4F3C2BD10C978DA9A", "GITLAB-A09C40C419EC540F29571BE33E54126D"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:7659E73B419D190E6DA39B1523454604", "GOOGLEPROJECTZERO:A596034F451F58030932B2FC46FB6F38"]}, {"type": "ibm", "idList": ["979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B", "A48FBFA17576575D0C4186F8C5D2568F5F5BC3CB4B99C62DCBEA7E11187CCCFD", "E58FC3F1E698B87258B01B21FF93EC241CCC5B41ED4495D2B3CC4151FDA89BFA"]}, {"type": "kaspersky", "idList": ["KLA11986", "KLA11997", "KLA12003", "KLA12004", "KLA12010", "KLA12011", "KLA12012", "KLA12013"]}, {"type": "krebs", "idList": ["KREBS:613A537780BD40A6F8E0047CE8D3E6EC"]}, {"type": "mageia", "idList": ["MGASA-2020-0389"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "MALWAREBYTES:79956B6DF02C5841171B3AEE17565978"]}, {"type": "mozilla", "idList": ["MFSA2020-50", "MFSA2020-51", "MFSA2020-52"]}, {"type": "mscve", "idList": ["MS:ADV200002", "MS:CVE-2020-17051", "MS:CVE-2020-17052", "MS:CVE-2020-17053", "MS:CVE-2020-17078", "MS:CVE-2020-17079", "MS:CVE-2020-17082", "MS:CVE-2020-17086", "MS:CVE-2020-17087"]}, {"type": "mskb", "idList": ["KB4586768", "KB4586781", "KB4586786", "KB4586787", "KB4586793", "KB4586827", "KB4586830", "KB4586834", "KB4586845"]}, {"type": "nessus", "idList": ["701289.PASL", "AL2_ALAS-2020-1565.NASL", "ALMA_LINUX_ALSA-2020-4952.NASL", "CENTOS8_RHSA-2020-4952.NASL", "CENTOS_RHSA-2020-4907.NASL", "DEBIAN_DLA-2415.NASL", "DEBIAN_DSA-4777.NASL", "DEBIAN_DSA-4824.NASL", "EULEROS_SA-2020-2483.NASL", "EULEROS_SA-2020-2496.NASL", "EULEROS_SA-2020-2510.NASL", "EULEROS_SA-2021-1585.NASL", "EULEROS_SA-2021-1598.NASL", "EULEROS_SA-2021-1652.NASL", "FEDORA_2020-6299161E89.NASL", "FEDORA_2020-6B35849EDD.NASL", "FEDORA_2020-768B1690F8.NASL", "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "GENTOO_GLSA-202010-07.NASL", "GENTOO_GLSA-202011-12.NASL", "GENTOO_GLSA-202012-04.NASL", "GOOGLE_CHROME_86_0_4240_111.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "MACOS_FIREFOX_78_5_ESR.NASL", "MACOS_FIREFOX_83_0.NASL", "MACOS_THUNDERBIRD_78_5.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "MOZILLA_FIREFOX_78_5_ESR.NASL", "MOZILLA_FIREFOX_83_0.NASL", "MOZILLA_THUNDERBIRD_78_5.NASL", "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0144_FREETYPE.NASL", "OPENSUSE-2020-1718.NASL", "OPENSUSE-2020-1734.NASL", "OPENSUSE-2020-1737.NASL", "OPENSUSE-2020-1744.NASL", "OPENSUSE-2020-1952.NASL", "OPENSUSE-2020-2020.NASL", "OPENSUSE-2020-2031.NASL", "OPENSUSE-2020-2096.NASL", "OPENSUSE-2020-2187.NASL", "OPENSUSE-2020-2315.NASL", "OPENSUSE-2021-1134.NASL", "ORACLELINUX_ELSA-2020-4907.NASL", "ORACLELINUX_ELSA-2020-4952.NASL", "REDHAT-RHSA-2020-4351.NASL", "REDHAT-RHSA-2020-4907.NASL", "REDHAT-RHSA-2020-4949.NASL", "REDHAT-RHSA-2020-4950.NASL", "REDHAT-RHSA-2020-4951.NASL", "REDHAT-RHSA-2020-4952.NASL", "SLACKWARE_SSA_2020-294-01.NASL", "SL_20201104_FREETYPE_ON_SL7_X.NASL", "SMB_NT_MS20_NOV_4586781.NASL", "SMB_NT_MS20_NOV_4586785.NASL", "SMB_NT_MS20_NOV_4586786.NASL", "SMB_NT_MS20_NOV_4586787.NASL", "SMB_NT_MS20_NOV_4586793.NASL", "SMB_NT_MS20_NOV_4586817.NASL", "SMB_NT_MS20_NOV_4586827.NASL", "SMB_NT_MS20_NOV_4586830.NASL", "SMB_NT_MS20_NOV_4586834.NASL", "SMB_NT_MS20_NOV_4586845.NASL", "SMB_NT_MS20_NOV_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_JAN_4598278.NASL", "SUSE_SU-2020-14548-1.NASL", "SUSE_SU-2020-2995-1.NASL", "SUSE_SU-2020-2998-1.NASL", "SUSE_SU-2020-3383-1.NASL", "SUSE_SU-2020-3458-1.NASL", "SUSE_SU-2020-3548-1.NASL", "UBUNTU_USN-4593-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4907", "ELSA-2020-4952"]}, {"type": "osv", "idList": ["OSV:ASB-A-171232105", "OSV:DLA-2415-1", "OSV:DSA-4777-1", "OSV:DSA-4824-1", "OSV:GHSA-PV36-H7JH-QM62"]}, {"type": "photon", "idList": ["PHSA-2022-0364", "PHSA-2022-0442"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:448FF9823134BB757F9B4F865B148EBC", "QUALYSBLOG:84DFCF34CC23A9FDDFBD73DEF70C8C04", "QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5C1C01CE46935D3FDB62B946B79E9801"]}, {"type": "redhat", "idList": ["RHSA-2020:4351", "RHSA-2020:4907", "RHSA-2020:4949", "RHSA-2020:4950", "RHSA-2020:4951", "RHSA-2020:4952", "RHSA-2020:5118", "RHSA-2020:5194", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0799"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15999"]}, {"type": "slackware", "idList": ["SSA-2020-294-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1731-1", "OPENSUSE-SU-2020:1734-1", "OPENSUSE-SU-2020:1737-1", "OPENSUSE-SU-2020:1744-1", "OPENSUSE-SU-2020:1829-1", "OPENSUSE-SU-2020:1952-1", "OPENSUSE-SU-2020:2020-1", "OPENSUSE-SU-2020:2031-1", "OPENSUSE-SU-2020:2096-1", "OPENSUSE-SU-2020:2187-1", "OPENSUSE-SU-2020:2315-1", "OPENSUSE-SU-2021:1134-1"]}, {"type": "thn", "idList": ["THN:1CAE17F613AA7CBF6F4E99804811C608", "THN:7AD5261E90CC5E52D9933B8F13139A3E", "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "THN:DAE548E4C591A2718BC3A3D2C9440FB1"]}, {"type": "threatpost", "idList": ["THREATPOST:2AAD8D184B893593E4E3B11FE31F97B3", "THREATPOST:6F7E512F15913694CF17A906715FE678", "THREATPOST:B94C72282597270B568FB72191A99385", "THREATPOST:DF87733B74489628AB9F2C89704380A9"]}, {"type": "ubuntu", "idList": ["USN-4593-1", "USN-4593-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15999"]}, {"type": "veracode", "idList": ["VERACODE:27664", "VERACODE:27808"]}, {"type": "zdi", "idList": ["ZDI-20-1368", "ZDI-20-1369"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4952"]}, {"type": "amazon", "idList": ["ALAS2-2020-1565"]}, {"type": "androidsecurity", "idList": ["ANDROID:2021-01-01"]}, {"type": "archlinux", "idList": ["ASA-202010-10", "ASA-202010-11", "ASA-202011-12"]}, {"type": "attackerkb", "idList": ["AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667"]}, {"type": "avleonov", "idList": ["AVLEONOV:28E47C69DA4A069031694EB4C2C931BA"]}, {"type": "centos", "idList": ["CESA-2020:4907"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1069", "CPAI-2020-1158", "CPAI-2020-1159", "CPAI-2020-1165", "CPAI-2020-1175"]}, {"type": "chrome", "idList": ["GCSA-164021554802225166"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:D18C016FED8F2EC566E781EC4B141FB0"]}, {"type": "cve", "idList": ["CVE-2020-15999", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17078", "CVE-2020-17087"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2415-1:46C29", "DEBIAN:DSA-4777-1:E3B2F", "DEBIAN:DSA-4824-1:11EBB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15999"]}, {"type": "fedora", "idList": ["FEDORA:53B8A30C6A0B", "FEDORA:6F705313E07A", "FEDORA:8B8553055E91"]}, {"type": "freebsd", "idList": ["458DF97F-1440-11EB-AAEC-E0D55E2A8BF9", "F4722927-1375-11EB-8711-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202010-07", "GLSA-202011-12", "GLSA-202012-04"]}, {"type": "github", "idList": ["GHSA-PV36-H7JH-QM62"]}, {"type": "githubexploit", "idList": ["29E9BCA7-54F3-559F-8592-052F7EC902DA", "6E74F3AA-DE31-51CF-AFCB-E689CEE7AC4A", "D1090FCA-95F0-58E7-AD3C-CF926A704D6B"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:7659E73B419D190E6DA39B1523454604"]}, {"type": "ibm", "idList": ["979C1C302656B100A9230D67DC5FDA9D31E695FEDE62BEA27566840475B31B1B"]}, {"type": "kaspersky", "idList": ["KLA11986", "KLA12004", "KLA12011"]}, {"type": "krebs", "idList": ["KREBS:613A537780BD40A6F8E0047CE8D3E6EC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:40B6CEF3C04EE6E976C145960F0C4FEE", "MALWAREBYTES:79956B6DF02C5841171B3AEE17565978"]}, {"type": "mozilla", "idList": ["MFSA2020-50"]}, {"type": "mscve", "idList": ["MS:ADV200002", "MS:CVE-2020-17051", "MS:CVE-2020-17052", "MS:CVE-2020-17053", "MS:CVE-2020-17078", "MS:CVE-2020-17087"]}, {"type": "mskb", "idList": ["KB4586793", "KB4586830"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1565.NASL", "CENTOS8_RHSA-2020-4952.NASL", "CENTOS_RHSA-2020-4907.NASL", "DEBIAN_DSA-4777.NASL", "DEBIAN_DSA-4824.NASL", "EULEROS_SA-2020-2483.NASL", "EULEROS_SA-2020-2496.NASL", "EULEROS_SA-2020-2510.NASL", "EULEROS_SA-2021-1585.NASL", "EULEROS_SA-2021-1598.NASL", "EULEROS_SA-2021-1652.NASL", "FEDORA_2020-6B35849EDD.NASL", "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "GENTOO_GLSA-202010-07.NASL", "GENTOO_GLSA-202011-12.NASL", "GENTOO_GLSA-202012-04.NASL", "GOOGLE_CHROME_86_0_4240_111.NASL", "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "MACOS_FIREFOX_78_5_ESR.NASL", "MACOS_FIREFOX_83_0.NASL", "MACOS_THUNDERBIRD_78_5.NASL", "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "MOZILLA_FIREFOX_78_5_ESR.NASL", "MOZILLA_FIREFOX_83_0.NASL", "MOZILLA_THUNDERBIRD_78_5.NASL", "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "OPENSUSE-2020-1952.NASL", "OPENSUSE-2020-2020.NASL", "OPENSUSE-2020-2031.NASL", "OPENSUSE-2020-2096.NASL", "OPENSUSE-2020-2187.NASL", "OPENSUSE-2020-2315.NASL", "ORACLELINUX_ELSA-2020-4907.NASL", "ORACLELINUX_ELSA-2020-4952.NASL", "REDHAT-RHSA-2020-4907.NASL", "REDHAT-RHSA-2020-4949.NASL", "REDHAT-RHSA-2020-4950.NASL", "REDHAT-RHSA-2020-4951.NASL", "REDHAT-RHSA-2020-4952.NASL", "SLACKWARE_SSA_2020-294-01.NASL", "SL_20201104_FREETYPE_ON_SL7_X.NASL", "SMB_NT_MS20_NOV_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_JAN_4598278.NASL", "SUSE_SU-2020-14548-1.NASL", "SUSE_SU-2020-2995-1.NASL", "SUSE_SU-2020-2998-1.NASL", "SUSE_SU-2020-3383-1.NASL", "SUSE_SU-2020-3458-1.NASL", "SUSE_SU-2020-3548-1.NASL", "UBUNTU_USN-4593-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4907", "ELSA-2020-4952"]}, {"type": "photon", "idList": ["PHSA-2022-0442", "PHSA-2022-0472"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:448FF9823134BB757F9B4F865B148EBC", "QUALYSBLOG:84DFCF34CC23A9FDDFBD73DEF70C8C04", "QUALYSBLOG:96DCE4C98C4BF0770916E3FFC1290807"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:5C1C01CE46935D3FDB62B946B79E9801"]}, {"type": "redhat", "idList": ["RHSA-2020:4907"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15999"]}, {"type": "slackware", "idList": ["SSA-2020-294-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1718-1", "OPENSUSE-SU-2020:1731-1", "OPENSUSE-SU-2020:1734-1", "OPENSUSE-SU-2020:1737-1", "OPENSUSE-SU-2020:1744-1", "OPENSUSE-SU-2020:1829-1"]}, {"type": "thn", "idList": ["THN:1CAE17F613AA7CBF6F4E99804811C608", "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "THN:DAE548E4C591A2718BC3A3D2C9440FB1"]}, {"type": "threatpost", "idList": ["THREATPOST:050A36E6453D4472A2734DA342E95366", "THREATPOST:6F7E512F15913694CF17A906715FE678", "THREATPOST:B94C72282597270B568FB72191A99385", "THREATPOST:DF87733B74489628AB9F2C89704380A9"]}, {"type": "ubuntu", "idList": ["USN-4593-1", "USN-4593-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15999"]}, {"type": "zdi", "idList": ["ZDI-20-1368", "ZDI-20-1369"]}]}, "exploitation": null, "vulnersScore": 0.5}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660032824, "score": 1659998177}, "_internal": {"score_hash": "2e7fcc5235aa9d62b3e20f2687d93243"}}

{"thn": [{"lastseen": "2022-05-09T12:38:46", "description": "[![patch tuesday](https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s728-e1000/microsoft-windows-patch-update.jpg)](<https://thehackernews.com/images/-SSbDtuq5p6I/X6u3kb-4j9I/AAAAAAAAA_k/O2lxJLtO0ckb7kXyo7sAerMCMc2AMCCBwCLcBGAsYHQ/s0/microsoft-windows-patch-update.jpg>)\n\nMicrosoft formally released fixes for 112 newly discovered security vulnerabilities as part of its [November 2020 Patch Tuesday](<https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Nov>), including an actively exploited zero-day flaw disclosed by Google's security team last week.\n\nThe rollout addresses flaws, 17 of which are rated as Critical, 93 are rated as Important, and two are rated Low in severity, once again bringing the patch count over 110 after a drop last month.\n\nThe security updates encompass a range of software, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer, Edge, ChakraCore, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.\n\nChief among those fixed is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>) (CVSS score 7.8), a buffer overflow flaw in Windows Kernel Cryptography Driver (\"cng.sys\") that was [disclosed on October 30](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>) by the Google Project Zero team as being used in conjunction with a Chrome zero-day to compromise Windows 7 and Windows 10 users.\n\nFor its part, Google released an update for its Chrome browser to address the zero-day (CVE-2020-15999) last month.\n\nMicrosoft's advisory about the flaw doesn't go into any details beyond the fact that it was a \"Windows Kernel Local Elevation of Privilege Vulnerability\" in part to [restructure security advisories](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>) in line with the Common Vulnerability Scoring System (CVSS) format starting this month.\n\nOutside of the zero-day, the update fixes a number of remote code execution (RCE) vulnerabilities impacting Exchange Server ([CVE-2020-17084](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084>)), Network File System ([CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>)), and Microsoft Teams ([CVE-2020-17091](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17091>)), as well as a security bypass flaw in Windows Hyper-V virtualization software ([CVE-2020-17040](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17040>)).\n\nCVE-2020-17051 is rated 9.8 out of a maximum 10 on the CVSS score, making it a critical vulnerability. Microsoft, however, noted that the attack complexity of the flaw \u2014 the conditions beyond the attacker's control that must exist in order to exploit the vulnerability \u2014 is low.\n\nAs with the zero-day, the advisories associated with these security shortcomings are light on descriptions, with little to no information on how these RCE flaws are abused or which security feature in Hyper-V is being bypassed.\n\nOther critical flaws fixed by Microsoft this month include memory corruption vulnerabilities in Microsoft Scripting Engine (CVE-2020-17052) and Internet Explorer (CVE-2020-17053), and multiple RCE flaws in HEVC Video Extensions Codecs library.\n\nIt's highly recommended that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T10:09:00", "type": "thn", "title": "Microsoft Releases Windows Security Updates For Critical Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-17040", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091"], "modified": "2020-11-11T10:29:27", "id": "THN:89153A67BADBEDB4D309DCACBFF2EA7F", "href": "https://thehackernews.com/2020/11/microsoft-releases-windows-security.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:47", "description": "[![Windows Zero-Day](https://thehackernews.com/images/--Cevx7TUFx0/X5_TgyD_ymI/AAAAAAAAA8o/uOE36OUB0LwmCFccKnw8bO02pKnkeZ_XQCLcBGAsYHQ/s728-e1000/google.jpg)](<https://thehackernews.com/images/--Cevx7TUFx0/X5_TgyD_ymI/AAAAAAAAA8o/uOE36OUB0LwmCFccKnw8bO02pKnkeZ_XQCLcBGAsYHQ/s728/google.jpg>)\n\nGoogle has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild.\n\nThe elevation of privileges (EoP) vulnerability, tracked as [CVE-2020-17087](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>), concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver (\"cng.sys\") that can be exploited for a sandbox escape.\n\n\"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue,\" Google's Project Zero researchers Mateusz Jurczyk and Sergei Glazunov noted in their technical write-up.\n\nThe security team made the details public following a seven-day disclosure deadline because of evidence that it's under active exploit.\n\nProject Zero has shared a proof-of-concept exploit (PoC) that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations.\n\nWhat's notable is that the exploit chain requires linking CVE-2020-17087 with another Chrome browser zero-day ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) that was fixed by Google last week.\n\nThe Chrome zero-day involves a heap buffer overflow in the Freetype font library to run malicious code in the browser, but the newly revealed Windows zero-day makes it possible for an attacker to break out of Chrome's sandbox protections and run the code on Windows \u2014 also called a sandbox escape.\n\nStating that the exploitation is \"not related to any US election-related targeting,\" Project Zero's Ben Hawkes said a patch for the flaw is expected to be released by Microsoft on November 10.\n\nHawkes also [defended](<https://twitter.com/benhawkes/status/1322211779028557824>) the practice of disclosing zero-days within a week of them being actively exploited.\n\n\"We think there's defensive utility to sharing these details, and that opportunistic attacks using these details between now and the patch being released is reasonably unlikely (so far it's been used as part of an exploit chain, and the entry-point attack is fixed),\" he said.\n\n\"The short deadline for in-the-wild exploit also tries to incentivize out-of-band patches or other mitigations being developed/shared with urgency. Those improvements you might expect to see over a longer term period,\" Hawkes added.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-02T09:43:00", "type": "thn", "title": "WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-17087"], "modified": "2020-11-02T09:43:23", "id": "THN:7AD5261E90CC5E52D9933B8F13139A3E", "href": "https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:47", "description": "[![chrome-extensions](https://thehackernews.com/images/-wwpOKprFWzg/X6EjqTcCLXI/AAAAAAAAA9I/mBsBYTybLoExMJP9mvW6fPJ2Njf3EeA6gCLcBGAsYHQ/s728-e1000/chrome-extensions.jpg)](<https://thehackernews.com/images/-wwpOKprFWzg/X6EjqTcCLXI/AAAAAAAAA9I/mBsBYTybLoExMJP9mvW6fPJ2Njf3EeA6gCLcBGAsYHQ/s0/chrome-extensions.jpg>)\n\nGoogle has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.\n\nThe company [released](<https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html>) 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.\n\nThe zero-day flaw, tracked as **CVE-2020-16009**, was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Gro\u00df of Google Project Zero on October 29.\n\nThe company also warned that it \"is aware of reports that an exploit for CVE-2020-16009 exists in the wild.\"\n\nGoogle hasn't made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw.\n\nBut Ben Hawkes, Google Project Zero's technical lead, [said](<https://twitter.com/benhawkes/status/1323374326150701057>) CVE-2020-16009 concerned an \"inappropriate implementation\" of its V8 JavaScript rendering engine leading to remote code execution.\n\nAside from the ten security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild \u2014 a sandbox escape flaw tracked as CVE-2020-16010.\n\nThe zero-day disclosures come two weeks after Google fixed a critical buffer overflow flaw ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)) in the Freetype font library.\n\nThen late last week, the company revealed a Windows privilege escalation zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)) that was employed in combination with the above font rendering library flaw to crash Windows systems.\n\nThe search giant hasn't so far clarified if the same threat actor was exploiting the two zero-days.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-03T09:33:00", "type": "thn", "title": "New Chrome Zero-Day Under Active Attacks \u2013 Update Your Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087"], "modified": "2020-11-03T11:15:49", "id": "THN:955CBC4C8C3F414A1ED3D5F7CAA08A9F", "href": "https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:48", "description": "[![chrome zero day vulnerability](https://thehackernews.com/images/-xZzCUwzBVrc/X5BgBpam4II/AAAAAAAA3Yw/vJtLuVzSt8AFXoZyGKSmcxHJtXC6fxv1QCLcBGAsYHQ/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/-xZzCUwzBVrc/X5BgBpam4II/AAAAAAAA3Yw/vJtLuVzSt8AFXoZyGKSmcxHJtXC6fxv1QCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nAttention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.\n\nGoogle [released](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers.\n\nTracked as **CVE-2020-15999**, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.\n\nThe vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19 and is subject to a seven-day public disclosure deadline due to the flaw being under active exploitation.\n\nGlazunov also immediately reported the zero-day vulnerability to FreeType developers, who then developed an emergency patch to address the issue on October 20 with the release of FreeType 2.10.4.\n\nWithout revealing technical details of the vulnerability, the technical lead for Google's Project Zero Ben Hawkes [warned](<https://twitter.com/benhawkes/status/1318640422571266048>) on Twitter that while the team has only spotted an exploit targeting Chrome users, it's possible that other projects that use FreeType might also be vulnerable and are advised to deploy the fix included in FreeType version 2.10.4.\n\n[![chrome zero day vulnerability](https://thehackernews.com/images/-DBudKmv052Y/X5BhH0P-IwI/AAAAAAAA3Y4/rJEum-YfowkzJ2rHLv4cE-On28Q1G02FwCLcBGAsYHQ/s728-e1000/chrome-zero-day-vulnerability.jpg)](<https://thehackernews.com/images/-DBudKmv052Y/X5BhH0P-IwI/AAAAAAAA3Y4/rJEum-YfowkzJ2rHLv4cE-On28Q1G02FwCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\n\"While we only saw an exploit for Chrome, other users of freetype should adopt the fix discussed here: https://savannah.nongnu.org/bugs/?59308 -- the fix is also in today's stable release of FreeType 2.10.4,\" Hawkes writes.\n\nAccording to [details](<https://savannah.nongnu.org/bugs/?59308>) shared by Glazunov, the vulnerability exists in the FreeType's function \"Load_SBit_Png,\" which processes PNG images embedded into fonts. It can be exploited by attackers to execute arbitrary code just by using specifically crafted fonts with embedded PNG images.\n\n\"The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`. Therefore, if the original width and/or height are greater than 65535, the allocated buffer won't be able to fit the bitmap,\" Glazunov explained.\n\nGlazunov also published a font file with a proof-of-concept exploit.\n\nGoogle released Chrome 86.0.4240.111 as Chrome's \"stable\" version, which is available to all users, not just to opted-in early adopters, [saying](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) that the company is aware of reports that \"an exploit for CVE-2020-15999 exists in the wild,\" but did not reveal further details of the active attacks.\n\nBesides the FreeType zero-day vulnerability, Google also patched four other flaws in the latest Chrome update, three of which are high-risk vulnerabilities\u2014an inappropriate implementation bug in Blink, a use after free bug in Chrome's media, and use after free bug in PDFium\u2014and one medium-risk use after free issue in browser's printing function.\n\nAlthough the Chrome web browser automatically notifies users about the latest available version, users are recommended to manually trigger the update process by going to \"Help \u2192 About Google Chrome\" from the menu.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-21T16:26:00", "type": "thn", "title": "New Chrome 0-day Under Active Attacks \u2013 Update Your Browser Now", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-21T16:27:58", "id": "THN:1CAE17F613AA7CBF6F4E99804811C608", "href": "https://thehackernews.com/2020/10/chrome-zeroday-attacks.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-09T12:38:46", "description": "[![Apple iOS Security Update](https://thehackernews.com/images/-4s737H_lQjY/X6T-7usqm2I/AAAAAAAAA-s/xbIl-rUzZWo6sfq6-YyjjyEeHi5vz2GugCLcBGAsYHQ/s728-e1000/apple-update.jpg)](<https://thehackernews.com/images/-4s737H_lQjY/X6T-7usqm2I/AAAAAAAAA-s/xbIl-rUzZWo6sfq6-YyjjyEeHi5vz2GugCLcBGAsYHQ/s0/apple-update.jpg>)\n\nApple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild.\n\nRolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges.\n\nThe zero-days were discovered and reported to Apple by Google's Project Zero security team.\n\n\"Apple is aware of reports that an exploit for this issue exists in the wild,\" the iPhone maker said of the three zero-days without giving any additional details so as to allow a vast majority of users to install the updates.\n\nThe list of [impacted devices](<https://support.apple.com/en-us/HT201222>) includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air, iPad mini 2 and later, and Apple Watch Series 1 and later.\n\nThe fixes are available in versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7.\n\nAccording to Apple's [security bulletin](<https://support.apple.com/en-us/HT211929>), the flaws are:\n\n * **CVE-2020-27930:** A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.\n * ****CVE-2020-27950**:** A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.\n * **CVE-2020-27932:** A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.\n\n\"Targeted exploitation in the wild similar to the other recently reported 0days,\" [said](<https://twitter.com/ShaneHuntley/status/1324431104187670529>) Shane Huntley, Director of Google's Threat Analysis Group. \"Not related to any election targeting.\"\n\nThe disclosure is the latest in the string of zero-days Project Zero has reported since October 20. First came the Chrome zero-day in Freetype font rendering library ([CVE-2020-15999](<https://thehackernews.com/2020/10/chrome-zeroday-attacks.html>)), then a Windows zero-day ([CVE-2020-17087](<https://thehackernews.com/2020/11/warning-google-discloses-windows-zero.html>)), followed by two more in Chrome and its Android variant ([CVE-2020-16009 and CVE-2020-16010](<https://thehackernews.com/2020/11/new-chrome-zero-day-under-active.html>)).\n\nA patch for the Windows zero-day is expected to be released on November 10 as part of this month's Patch Tuesday.\n\nWhile more details are awaited on whether the zero-days were abused by the same threat actor, it's recommended that users update their devices to the latest versions to mitigate the risk associated with the flaws.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-06T07:48:00", "type": "thn", "title": "Update Your iOS Devices Now \u2014 3 Actively Exploited 0-Days Discovered", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-17087", "CVE-2020-27930", "CVE-2020-27932", "CVE-2020-27950"], "modified": "2020-12-02T06:39:58", "id": "THN:DAE548E4C591A2718BC3A3D2C9440FB1", "href": "https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2020-11-24T10:28:18", "description": "**Adobe** and **Microsoft** each issued a bevy of updates today to plug critical security holes in their software. Microsoft's release includes fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Microsoft also is taking flak for changing its security advisories and limiting the amount of information disclosed about each bug.\n\n![](https://krebsonsecurity.com/wp-content/uploads/2020/08/windowsec.png)\n\nSome 17 of the 112 issues fixed in today's patch batch involve "critical" problems in Windows, or those that can be exploited by malware or malcontents to seize complete, remote control over a vulnerable Windows computer without any help from users.\n\nMost of the rest were assigned the rating "important," which [in Redmond parlance](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>) refers to a vulnerability whose exploitation could "compromise the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."\n\nA chief concern among all these updates this month is [CVE-2020-17087](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>), which is an "important" bug in the Windows kernel that is already seeing active exploitation. CVE-2020-17087 is not listed as critical because it's what's known as a privilege escalation flaw that would allow an attacker who has already compromised a less powerful user account on a system to gain administrative control. In essence, it would have to be chained with another exploit.\n\nUnfortunately, this is exactly what Google researchers described witnessing recently. On Oct. 20, **Google** released an update for its **Chrome** browser which fixed a bug ([CVE-2020-15999](<https://nvd.nist.gov/vuln/detail/CVE-2020-15999>)) that was seen being used in conjunction with CVE-2020-17087 to compromise Windows users.\n\nIf you take a look at the advisory Microsoft released today for CVE-2020-17087 (or any others from today's batch), you might notice they look a bit more sparse. That's because Microsoft has opted to restructure those advisories around the [Common Vulnerability Scoring System](<https://nvd.nist.gov/vuln-metrics/cvss>) (CVSS) format to more closely align the format of the advisories with that of other major software vendors.\n\nBut in so doing, Microsoft has also removed some useful information, such as the description explaining in broad terms the scope of the vulnerability, how it can be exploited, and what the result of the exploitation might be. Microsoft explained its reasoning behind this shift in [a blog post](<https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/>).\n\nNot everyone is happy with the new format. **Bob Huber**, chief security officer at [Tenable](<https://www.tenable.com>), praised Microsoft for adopting an industry standard, but said the company should consider that folks who review Patch Tuesday releases aren\u2019t security practitioners but rather IT counterparts responsible for actually applying the updates who often aren\u2019t able (and shouldn\u2019t have to) decipher raw CVSS data.\n\n"With this new format, end users are completely blind to how a particular CVE impacts them," Huber said. "What\u2019s more, this makes it nearly impossible to determine the urgency of a given patch. It\u2019s difficult to understand the benefits to end-users. However, it\u2019s not too difficult to see how this new format benefits bad actors. They\u2019ll reverse engineer the patches and, by Microsoft not being explicit about vulnerability details, the advantage goes to attackers, not defenders. Without the proper context for these CVEs, it becomes increasingly difficult for defenders to prioritize their remediation efforts."\n\n**Dustin Childs **with **Trend Micro**'s [Zero Day Initiative](<https://www.zerodayinitiative.com/>) also puzzled over the lack of details included in Microsoft advisories tied to two other flaws fixed today -- including one in **Microsoft Exchange Server **([CVE-2020-16875](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16875>)) and [CVE-2020-17051](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>), which is a scary-looking weakness in the **Windows Network File System (NFS)**.\n\nThe Exchange problem, Childs said, was reported by the winner of the [Pwn2Own Miami bug finding contest](<https://www.thezdi.com/blog/2020/1/21/pwn2own-miami-2020-schedule-and-live-results>).\n\n"With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned," Childs said. "It is very likely he will publish the details of these bugs soon. Microsoft rates this as important, but I would treat it as critical, especially since people seem to find it hard to patch Exchange at all."\n\nLikewise, with CVE-2020-17051, there was a noticeable lack of detail for bug that earned a CVSS score of 9.8 (10 is the most dangerous).\n\n"With no description to work from, we need to rely on the CVSS to provide clues about the real risk from the bug," Childs said. "Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise."\n\nSeparately, Adobe today released updates to plug at least 14 security holes in Adobe Acrobat and Reader. Details about those fixes are available [here](<https://helpx.adobe.com/security/products/acrobat/apsb20-67.html>). There are no security updates for Adobe's Flash Player, which Adobe has said will be retired at the end of the year. Microsoft, which has bundled versions of Flash with its Web browsers, says it plans to ship an update in December that will remove Flash from Windows PCs, and last month it made the removal tool [available for download](<https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player>).\n\nWindows 10 users should be aware that the operating system will download updates and install them on its own schedule, closing out active programs and rebooting the system. If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system, see [this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nBut please do back up your system before applying any of these updates. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAs always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T01:56:41", "type": "krebs", "title": "Patch Tuesday, November 2020 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16875", "CVE-2020-17051", "CVE-2020-17087"], "modified": "2020-11-11T01:56:41", "id": "KREBS:613A537780BD40A6F8E0047CE8D3E6EC", "href": "https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2020-11-24T10:46:43", "description": "![Patch Tuesday - November 2020](https://blog.rapid7.com/content/images/2020/11/patches-2.jpg)\n\nJumping right back to a triple digit volume of vulnerabilities resolved, Microsoft covers 112 CVEs this November affecting products ranging from our standard Windows Operating Systems and Microsoft Office products to some new entries such as Azure Sphere.\n\n### [Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087>)\n\nComing as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. It is with this same patch that over half of the additional vulnerabilities detailed this month can be remediated, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability behind the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as seen via [Rapid7's AttackerKB analysis](<https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day#rapid7-analysis>) \"exploitability is at least somewhat more limited than it might appear at first glance.\" This does not diminish the need to prioritize Operating System patching because of the next vulnerability up for discussion: CVE-2020-17051.\n\n### [Microsoft CVE-2020-17051: Windows Network File System Remote Code Execution](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051>)\n\nCVE-2020-17051 is this month's highest severity vulnerability sitting at CVSS 9.8. Microsoft describes CVE-2020-17051 as a Remote Code Execution vulnerability affecting Windows Network File System. At the time of writing, information regarding this vulnerability is light but Microsoft has noted that it has low attack complexity and does not require user interaction to exploit. This is aptly represented by the high CVSS score. At this point, this vulnerability is not known to be exploited in the wild.\n\n### Browser Vulnerabilities Come Back After An October Break\n\nWhile it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). [CVE-2020-17048](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17048>), [CVE-2020-17052](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17052>), [CVE-2020-17053](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17053>), [CVE-2020-17054](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17054>), and [CVE-2020-17058](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17058>) are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).\n\nAs a gentle reminder, Security-Only patches for operating systems that provide a Monthly Rollup or Security-Only update streams do not include browser remediations. Organizations opting for Security-Only patches should be aware that there are separate Cumulative Security Updates for Internet Explorer.\n\n### Azure Sphere\n\nSomething new and refreshing this month: A keen eye may have noticed 15 vulnerabilities pertaining to a new product category named Azure Sphere. So the question becomes...what needs to be done about them? The quick answer is, luckily, \"not much\". Azure Sphere, an IoT Device offering, is updated automatically on a daily cadence when connected to a network. By the time you're reading this, if you have Azure Sphere IoT devices in your environment (and they are connected to the Internet), these vulnerabilities would have already been resolved.\n\n![Patch Tuesday - November 2020](https://blog.rapid7.com/content/images/2020/11/2020-Nov_vuln_count_by_component.png)![Patch Tuesday - November 2020](https://blog.rapid7.com/content/images/2020/11/2020-Nov_vuln_count_by_impact.png)![Patch Tuesday - November 2020](https://blog.rapid7.com/content/images/2020/11/2020-Nov_vuln_count_by_severity.png)![Patch Tuesday - November 2020](https://blog.rapid7.com/content/images/2020/11/2020-Nov_CVSS3_base_score.png)\n\n________Note: Graph data is reflective of data presented by Microsoft's CVRF at the time of writing.________", "cvss3": {}, "published": "2020-11-11T01:03:15", "type": "rapid7blog", "title": "Patch Tuesday - November 2020", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-17048", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17058", "CVE-2020-17087"], "modified": "2020-11-11T01:03:15", "id": "RAPID7BLOG:5C1C01CE46935D3FDB62B946B79E9801", "href": "https://blog.rapid7.com/2020/11/11/patch-tuesday-november-2020/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2021-12-09T04:53:29", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**lvarela-r7** at October 22, 2020 5:25pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. \n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\n**ccondon-r7** at October 20, 2020 11:53pm UTC reported:\n\nGood SECPod blog on the vulnerability, also showing this is being actively exploited. \n[https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October](<https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October>)\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T00:00:00", "type": "attackerkb", "title": "CVE-2020-15999 Chrome Freetype 0day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-17087"], "modified": "2020-11-05T00:00:00", "id": "AKB:C6F99915-AA1F-419E-A866-FCD1140D6667", "href": "https://attackerkb.com/topics/CqH1gMBHJC/cve-2020-15999-chrome-freetype-0day", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-11T10:44:20", "description": "CVE-2020-17087 is a pool-based buffer overflow vulnerability in the Windows Kernel Cryptography Driver (cng.sys). The vulnerability arises from input/output controller (IOCTL) 0x390400 processing and could allow a local attacker to escalate privileges, including for sandbox escape. The vulnerability was initially released as a zero-day by Google\u2019s Project Zero team; it was patched on November 10, 2020, as part of Microsoft\u2019s November 2020 Patch Tuesday release.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at October 30, 2020 9:13pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n![](https://zerosteiner.s3.amazonaws.com/images/cve-2020-17087-event.png)\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\n**lvarela-r7** at November 03, 2020 8:21pm UTC reported:\n\nAn error exists within `cng!CfgAdtpFormatPropertyBlock` where buffer is allocated from a value that is truncated to be 16-bits. The function then goes on and performs a binary to ASCII hex conversion, writing the ASCII hex characters to this buffer. While performing the conversion, the original buffer\u2019s correct length is used causing the write to continue out of bounds.\n\nThe vector for this vulnerability is local. A malicious attacker would first have to have code execution on the target system from any context including that of a sandboxed application. From there they would open a handle to `\\\\.\\GLOBALROOT\\Device\\Cng` before issuing the 0x390400 IOCTL with a crafted input buffer. The crafted input buffer contains a size parameter as one of the fields that when set to 0x2aab or greater will trigger the overflow.\n\nExploitation of this bug won\u2019t be easy due to it being a heap based memory corruption within the kernel\u2019s NonPagedPool. The attacker has partial control over the size of the allocation as constrained by `((size * 6) & 0xffff)`.\n\nThis vulnerability was originally reported by Google\u2019s Project Zero who also reported that it is being actively exploited in the wild. The original report is on [their tracker](<https://bugs.chromium.org/p/project-zero/issues/detail?id=2104>). The live in the wild exploitation is reportedly targeted and not related to the US elections. A patch is expected to be release on November 10th, 2020.\n\nWhile the vulnerable code appears to be present within Windows 7 SP1 x64 as verified through static analysis. The original PoC provided by Google\u2019s Project Zero team, does not trigger the bug on this platform. Within the callstack the chain is accessible, however a difference within the implementations is causing `cng!BCryptSetContextFunctionProperty` to branch leading to the path to `cng!CfgAdtReportFunctionPropertyModification` being missed.\n\n## Detection\n\nAttempted exploitation of this vulnerability can be detected through auditing event ID [5069](<https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5069>). This must be configured in order to detect exploitation attempts. To enable it, start `secpol.msc`, then navigate to `Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Policy Change`. Set `Audit Other Policy Change Events` to enable both \u201cSuccess\u201d and \u201cFailure\u201d. With this change in place, event ID 5069 will be loaded to the standard Windows Security Log that is accessible through the event viewer.\n\nExploitation attempts can then be identified through the length of the reported \u201cvalue\u201d field.\n\n![](https://zerosteiner.s3.amazonaws.com/images/cve-2020-17087-event.png)\n\n## Proof of Concept\n\nThe following is a port of the original Proof of Concept released by Google Project Zero into Python and updated to demonstrate the vulnerability on both Windows 7 SP1 and Windows 10.\n \n \n import ctypes\n import random\n \n # https://github.com/zeroSteiner/mayhem\n from mayhem.windll import *\n \n value = (ctypes.c_ubyte * 0x2aab)()\n bcrypt.BCryptSetContextFunctionProperty(\n bcrypt.CRYPT_LOCAL,\n 'Default',\n bcrypt.BCryptInterface.Cipher,\n 'AES',\n \"XXX_{:08x}\".format(random.randint(0, 0xffffffff)),\n len(value),\n value\n )\n \n\nInstead of directly issuing the IOCTL, this variant uses the [`bcrypt!BCryptSetContextFunctionProperty`](<https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptsetcontextfunctionproperty>) function with the appropriate arguments. Randomizing the `pszProperty` argument helps to ensure that the vulnerability is triggered exactly once each time the code is run.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-11T00:00:00", "type": "attackerkb", "title": "CVE-2020-17087 Windows Kernel local privilege escalation 0day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16009", "CVE-2020-17087"], "modified": "2020-11-17T00:00:00", "id": "AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6", "href": "https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2021-12-06T18:24:30", "description": "Windows Network File System Remote Code Execution Vulnerability \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Network File System Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-16T08:00:00", "id": "MS:CVE-2020-17051", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:24:58", "description": "Windows Kernel Local Elevation of Privilege Vulnerability \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Windows Kernel Local Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17087"], "modified": "2021-01-12T08:00:00", "id": "MS:CVE-2020-17087", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:24:30", "description": "Scripting Engine Memory Corruption Vulnerability \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17052"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17052", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17052", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T18:24:30", "description": "Internet Explorer Memory Corruption Vulnerability \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Internet Explorer Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17053"], "modified": "2020-11-10T08:00:00", "id": "MS:CVE-2020-17053", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17053", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-17T17:51:00", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17082", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17082", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T17:51:21", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17078", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17078", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T17:51:21", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17079", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T17:50:59", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T08:00:00", "type": "mscve", "title": "Raw Image Extension Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2021-04-19T07:00:00", "id": "MS:CVE-2020-17086", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:03", "description": "A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Network File System Remote Code Execution (CVE-2020-17051)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1175", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:13", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-04T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Kernel Local Elevation of Privilege (CVE-2020-17087)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17087"], "modified": "2020-11-04T00:00:00", "id": "CPAI-2020-1165", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:04", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Browser Scripting Engine Memory Corruption (CVE-2020-17052)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17052"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1158", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:11", "description": "A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Memory Corruption (CVE-2020-17053)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17053"], "modified": "2020-11-10T00:00:00", "id": "CPAI-2020-1159", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:27", "description": "A memory corruption vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-24T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome Memory Corruption (CVE-2020-15999)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-24T00:00:00", "id": "CPAI-2020-1069", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T14:31:59", "description": "Windows Network File System Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17051", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17051"], "modified": "2020-11-23T13:57:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:1903"], "id": "CVE-2020-17051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17051", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T16:00:11", "description": "Windows Kernel Local Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17087", "cwe": ["CWE-681"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17087"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2020-17087", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17087", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp2:*:*:*:*:x64:*"]}, {"lastseen": "2022-03-23T14:32:38", "description": "Scripting Engine Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17052", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17052"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-17052", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17052", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:32:25", "description": "Internet Explorer Memory Corruption Vulnerability", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17053", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17053"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2020-17053", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17053", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:06:44", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-11-03T03:15:00", "type": "cve", "title": "CVE-2020-15999", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-01-28T17:40:00", "cpe": ["cpe:/a:opensuse:backports_sle:15.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:debian:debian_linux:10.0"], "id": "CVE-2020-15999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:33:53", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17078", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17078", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T14:33:53", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17079", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17079", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T14:34:03", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17086", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T14:33:58", "description": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-11T07:15:00", "type": "cve", "title": "CVE-2020-17082", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17082", "CVE-2020-17086"], "modified": "2020-11-17T21:47:00", "cpe": [], "id": "CVE-2020-17082", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17082", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "kaspersky": [{"lastseen": "2021-08-18T10:59:50", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nInternet Explorer 11 \nChakraCore \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) and follow additional recommendations for CVE-2020-17052.\n\n### *Original advisories*:\n[CVE-2020-17053](<https://nvd.nist.gov/vuln/detail/CVE-2020-17053>) \n[CVE-2020-17052](<https://nvd.nist.gov/vuln/detail/CVE-2020-17052>) \n[CVE-2020-17058](<https://nvd.nist.gov/vuln/detail/CVE-2020-17058>) \n[CVE-2020-17048](<https://nvd.nist.gov/vuln/detail/CVE-2020-17048>) \n[CVE-2020-17054](<https://nvd.nist.gov/vuln/detail/CVE-2020-17054>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2020-17053](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17053>)7.6Critical \n[CVE-2020-17052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17052>)6.8High \n[CVE-2020-17058](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17058>)7.6Critical \n[CVE-2020-17048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17048>)6.8High \n[CVE-2020-17054](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17054>)7.6Critical\n\n### *KB list*:\n[4586785](<http://support.microsoft.com/kb/4586785>) \n[4586793](<http://support.microsoft.com/kb/4586793>) \n[4586787](<http://support.microsoft.com/kb/4586787>) \n[4586786](<http://support.microsoft.com/kb/4586786>) \n[4586781](<http://support.microsoft.com/kb/4586781>) \n[4586827](<http://support.microsoft.com/kb/4586827>) \n[4586768](<http://support.microsoft.com/kb/4586768>) \n[4586834](<http://support.microsoft.com/kb/4586834>) \n[4586830](<http://support.microsoft.com/kb/4586830>) \n[4586845](<http://support.microsoft.com/kb/4586845>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA11997 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17048", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17058"], "modified": "2021-07-27T00:00:00", "id": "KLA11997", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11997/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:00:02", "description": "### *Detect date*:\n10/20/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nGoogle Chrome earlier than 86.0.4240.111\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2020-16001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001>)6.8High \n[CVE-2020-15999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>)4.3Warning \n[CVE-2020-16002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002>)6.8High \n[CVE-2020-16003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003>)6.8High \n[CVE-2020-16000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-20T00:00:00", "type": "kaspersky", "title": "KLA11986 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2020-11-30T00:00:00", "id": "KLA11986", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11986/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T10:59:32", "description": "### *Detect date*:\n10/29/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nOpera earlier than 72.0.3815.186\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 72](<https://blogs.opera.com/desktop/changelog-for-72/#b3815.186>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2020-16001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001>)6.8High \n[CVE-2020-15999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>)4.3Warning \n[CVE-2020-16002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002>)6.8High \n[CVE-2020-16003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003>)6.8High \n[CVE-2020-16000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-29T00:00:00", "type": "kaspersky", "title": "KLA12013 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2020-11-30T00:00:00", "id": "KLA12013", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12013/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T18:03:04", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows RT 8.1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>) \n[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>) \n[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>) \n[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>) \n[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>) \n[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>) \n[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>) \n[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>) \n[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>) \n[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>) \n[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>) \n[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>) \n[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>) \n[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>) \n[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>) \n[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>) \n[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>) \n[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>) \n[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>) \n[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>) \n[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-17043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17043>)6.8High \n[CVE-2020-17069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17069>)2.1Warning \n[CVE-2020-17087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17087>)7.2High \n[CVE-2020-17088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17088>)4.6Warning \n[CVE-2020-17045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17045>)4.9Warning \n[CVE-2020-17047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17047>)7.8Critical \n[CVE-2020-17042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17042>)9.3Critical \n[CVE-2020-1599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1599>)2.1Warning \n[CVE-2020-17044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17044>)6.8High \n[CVE-2020-16997](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16997>)4.0Warning \n[CVE-2020-17014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17014>)6.6High \n[CVE-2020-17038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17038>)7.2High \n[CVE-2020-17011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17011>)7.2High \n[CVE-2020-17029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17029>)4.9Warning \n[CVE-2020-17000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17000>)2.1Warning \n[CVE-2020-17001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17001>)4.6Warning \n[CVE-2020-17068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17068>)7.2High \n[CVE-2020-17036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17036>)4.9Warning \n[CVE-2020-17004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17004>)2.1Warning \n[CVE-2020-17049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049>)9.0Critical\n\n### *KB list*:\n[4586827](<http://support.microsoft.com/kb/4586827>) \n[4586817](<http://support.microsoft.com/kb/4586817>) \n[4586805](<http://support.microsoft.com/kb/4586805>) \n[4586807](<http://support.microsoft.com/kb/4586807>) \n[5004289](<http://support.microsoft.com/kb/5004289>) \n[5004307](<http://support.microsoft.com/kb/5004307>) \n[5004299](<http://support.microsoft.com/kb/5004299>) \n[5004305](<http://support.microsoft.com/kb/5004305>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2022-01-18T00:00:00", "id": "KLA12003", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12003/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T10:59:33", "description": "### *Detect date*:\n11/17/2020\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nMozilla Thunderbird earlier than 78.5\n\n### *Solution*:\nUpdate to the latest version \n[Download Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[MFSA2020-51](<https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2020-15999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999>)4.3Warning \n[CVE-2020-16012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012>)4.3Warning \n[CVE-2020-26951](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951>)4.3Warning \n[CVE-2020-26953](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953>)4.3Warning \n[CVE-2020-26956](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956>)4.3Warning \n[CVE-2020-26968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968>)9.3Critical \n[CVE-2020-26961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961>)4.3Warning \n[CVE-2020-26960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960>)9.3Critical \n[CVE-2020-26965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965>)4.3Warning \n[CVE-2020-26959](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959>)6.8High \n[CVE-2020-26966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966>)4.3Warning \n[CVE-2020-26958](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958>)4.3Warning", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-17T00:00:00", "type": "kaspersky", "title": "KLA12012 Multiple vulnerabilities in Mozilla Thunderbird", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2020-11-30T00:00:00", "id": "KLA12012", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12012/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T18:03:01", "description": "### *Detect date*:\n11/10/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows 10 Version 1909 for ARM64-based Systems \nWindows Server 2019 \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows Server, version 1903 (Server Core installation) \nRaw Image Extension \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 2004 for ARM64-based Systems \nAV1 Video Extension \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows RT 8.1 \nWebP Image Extension \nWindows 10 Version 1803 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 for x64-based Systems \nWindows Server 2012 \nHEIF Image Extension \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 R2 \nWindows 10 Version 1903 for 32-bit Systems \nWindows Server 2016 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server, version 2004 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17081](<https://nvd.nist.gov/vuln/detail/CVE-2020-17081>) \n[CVE-2020-17082](<https://nvd.nist.gov/vuln/detail/CVE-2020-17082>) \n[CVE-2020-17075](<https://nvd.nist.gov/vuln/detail/CVE-2020-17075>) \n[CVE-2020-17049](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-17049>) \n[CVE-2020-17086](<https://nvd.nist.gov/vuln/detail/CVE-2020-17086>) \n[CVE-2020-17087](<https://nvd.nist.gov/vuln/detail/CVE-2020-17087>) \n[CVE-2020-17088](<https://nvd.nist.gov/vuln/detail/CVE-2020-17088>) \n[CVE-2020-17045](<https://nvd.nist.gov/vuln/detail/CVE-2020-17045>) \n[CVE-2020-17046](<https://nvd.nist.gov/vuln/detail/CVE-2020-17046>) \n[CVE-2020-17047](<https://nvd.nist.gov/vuln/detail/CVE-2020-17047>) \n[CVE-2020-17040](<https://nvd.nist.gov/vuln/detail/CVE-2020-17040>) \n[CVE-2020-17041](<https://nvd.nist.gov/vuln/detail/CVE-2020-17041>) \n[CVE-2020-17042](<https://nvd.nist.gov/vuln/detail/CVE-2020-17042>) \n[CVE-2020-17043](<https://nvd.nist.gov/vuln/detail/CVE-2020-17043>) \n[CVE-2020-17101](<https://nvd.nist.gov/vuln/detail/CVE-2020-17101>) \n[CVE-2020-17026](<https://nvd.nist.gov/vuln/detail/CVE-2020-17026>) \n[CVE-2020-17102](<https://nvd.nist.gov/vuln/detail/CVE-2020-17102>) \n[CVE-2020-17106](<https://nvd.nist.gov/vuln/detail/CVE-2020-17106>) \n[CVE-2020-17028](<https://nvd.nist.gov/vuln/detail/CVE-2020-17028>) \n[CVE-2020-17029](<https://nvd.nist.gov/vuln/detail/CVE-2020-17029>) \n[CVE-2020-17000](<https://nvd.nist.gov/vuln/detail/CVE-2020-17000>) \n[CVE-2020-17001](<https://nvd.nist.gov/vuln/detail/CVE-2020-17001>) \n[CVE-2020-17024](<https://nvd.nist.gov/vuln/detail/CVE-2020-17024>) \n[CVE-2020-17025](<https://nvd.nist.gov/vuln/detail/CVE-2020-17025>) \n[CVE-2020-17004](<https://nvd.nist.gov/vuln/detail/CVE-2020-17004>) \n[CVE-2020-17068](<https://nvd.nist.gov/vuln/detail/CVE-2020-17068>) \n[CVE-2020-17007](<https://nvd.nist.gov/vuln/detail/CVE-2020-17007>) \n[CVE-2020-17069](<https://nvd.nist.gov/vuln/detail/CVE-2020-17069>) \n[CVE-2020-16999](<https://nvd.nist.gov/vuln/detail/CVE-2020-16999>) \n[CVE-2020-17038](<https://nvd.nist.gov/vuln/detail/CVE-2020-17038>) \n[CVE-2020-17034](<https://nvd.nist.gov/vuln/detail/CVE-2020-17034>) \n[CVE-2020-1599](<https://nvd.nist.gov/vuln/detail/CVE-2020-1599>) \n[CVE-2020-17044](<https://nvd.nist.gov/vuln/detail/CVE-2020-17044>) \n[CVE-2020-17109](<https://nvd.nist.gov/vuln/detail/CVE-2020-17109>) \n[CVE-2020-17033](<https://nvd.nist.gov/vuln/detail/CVE-2020-17033>) \n[CVE-2020-17090](<https://nvd.nist.gov/vuln/detail/CVE-2020-17090>) \n[CVE-2020-17027](<https://nvd.nist.gov/vuln/detail/CVE-2020-17027>) \n[CVE-2020-17030](<https://nvd.nist.gov/vuln/detail/CVE-2020-17030>) \n[CVE-2020-17051](<https://nvd.nist.gov/vuln/detail/CVE-2020-17051>) \n[CVE-2020-17057](<https://nvd.nist.gov/vuln/detail/CVE-2020-17057>) \n[CVE-2020-17056](<https://nvd.nist.gov/vuln/detail/CVE-2020-17056>) \n[CVE-2020-17055](<https://nvd.nist.gov/vuln/detail/CVE-2020-17055>) \n[CVE-2020-17108](<https://nvd.nist.gov/vuln/detail/CVE-2020-17108>) \n[CVE-2020-17070](<https://nvd.nist.gov/vuln/detail/CVE-2020-17070>) \n[CVE-2020-17073](<https://nvd.nist.gov/vuln/detail/CVE-2020-17073>) \n[CVE-2020-17014](<https://nvd.nist.gov/vuln/detail/CVE-2020-17014>) \n[CVE-2020-17013](<https://nvd.nist.gov/vuln/detail/CVE-2020-17013>) \n[CVE-2020-17074](<https://nvd.nist.gov/vuln/detail/CVE-2020-17074>) \n[CVE-2020-17011](<https://nvd.nist.gov/vuln/detail/CVE-2020-17011>) \n[CVE-2020-17010](<https://nvd.nist.gov/vuln/detail/CVE-2020-17010>) \n[CVE-2020-17035](<https://nvd.nist.gov/vuln/detail/CVE-2020-17035>) \n[CVE-2020-17078](<https://nvd.nist.gov/vuln/detail/CVE-2020-17078>) \n[CVE-2020-17037](<https://nvd.nist.gov/vuln/detail/CVE-2020-17037>) \n[CVE-2020-17036](<https://nvd.nist.gov/vuln/detail/CVE-2020-17036>) \n[CVE-2020-17031](<https://nvd.nist.gov/vuln/detail/CVE-2020-17031>) \n[CVE-2020-16998](<https://nvd.nist.gov/vuln/detail/CVE-2020-16998>) \n[CVE-2020-17076](<https://nvd.nist.gov/vuln/detail/CVE-2020-17076>) \n[CVE-2020-17032](<https://nvd.nist.gov/vuln/detail/CVE-2020-17032>) \n[CVE-2020-16997](<https://nvd.nist.gov/vuln/detail/CVE-2020-16997>) \n[CVE-2020-17071](<https://nvd.nist.gov/vuln/detail/CVE-2020-17071>) \n[CVE-2020-17113](<https://nvd.nist.gov/vuln/detail/CVE-2020-17113>) \n[CVE-2020-17077](<https://nvd.nist.gov/vuln/detail/CVE-2020-17077>) \n[CVE-2020-17110](<https://nvd.nist.gov/vuln/detail/CVE-2020-17110>) \n[CVE-2020-17107](<https://nvd.nist.gov/vuln/detail/CVE-2020-17107>) \n[CVE-2020-17105](<https://nvd.nist.gov/vuln/detail/CVE-2020-17105>) \n[CVE-2020-17079](<https://nvd.nist.gov/vuln/detail/CVE-2020-17079>) \n[CVE-2020-17012](<https://nvd.nist.gov/vuln/detail/CVE-2020-17012>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Server 2012](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/>)\n\n### *CVE-IDS*:\n[CVE-2020-17043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17043>)6.8High \n[CVE-2020-17069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17069>)2.1Warning \n[CVE-2020-17087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17087>)7.2High \n[CVE-2020-17088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17088>)4.6Warning \n[CVE-2020-17045](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17045>)4.9Warning \n[CVE-2020-17047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17047>)7.8Critical \n[CVE-2020-17042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17042>)9.3Critical \n[CVE-2020-1599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1599>)2.1Warning \n[CVE-2020-17044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17044>)6.8High \n[CVE-2020-16997](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16997>)4.0Warning \n[CVE-2020-17014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17014>)6.6High \n[CVE-2020-17038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17038>)7.2High \n[CVE-2020-17011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17011>)7.2High \n[CVE-2020-17029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17029>)4.9Warning \n[CVE-2020-17000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17000>)2.1Warning \n[CVE-2020-17001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17001>)4.6Warning \n[CVE-2020-17068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17068>)7.2High \n[CVE-2020-17036](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17036>)4.9Warning \n[CVE-2020-17004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17004>)2.1Warning \n[CVE-2020-17081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17081>)5.0Critical \n[CVE-2020-17082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17082>)7.5Critical \n[CVE-2020-17075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17075>)4.6Warning \n[CVE-2020-17049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049>)9.0Critical \n[CVE-2020-17086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17086>)7.5Critical \n[CVE-2020-17046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17046>)4.9Warning \n[CVE-2020-17040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17040>)7.5Critical \n[CVE-2020-17041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17041>)7.2High \n[CVE-2020-17101](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17101>)4.6Warning \n[CVE-2020-17026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17026>)4.6Warning \n[CVE-2020-17102](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17102>)2.1Warning \n[CVE-2020-17106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17106>)9.3Critical \n[CVE-2020-17028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17028>)4.6Warning \n[CVE-2020-17024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17024>)7.2High \n[CVE-2020-17025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17025>)4.6Warning \n[CVE-2020-17007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17007>)4.6Warning \n[CVE-2020-16999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16999>)2.1Warning \n[CVE-2020-17034](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17034>)4.6Warning \n[CVE-2020-17109](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17109>)9.3Critical \n[CVE-2020-17033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17033>)4.6Warning \n[CVE-2020-17090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17090>)7.5Critical \n[CVE-2020-17027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17027>)4.6Warning \n[CVE-2020-17030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17030>)4.9Warning \n[CVE-2020-17057](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17057>)7.2High \n[CVE-2020-17056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17056>)2.1Warning \n[CVE-2020-17055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17055>)6.8High \n[CVE-2020-17108](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17108>)9.3Critical \n[CVE-2020-17070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17070>)7.2High \n[CVE-2020-17073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17073>)4.6Warning \n[CVE-2020-17013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17013>)2.1Warning \n[CVE-2020-17074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17074>)7.2High \n[CVE-2020-17010](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17010>)7.2High \n[CVE-2020-17035](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17035>)7.2High \n[CVE-2020-17078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17078>)7.5Critical \n[CVE-2020-17037](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17037>)7.2High \n[CVE-2020-17031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17031>)4.6Warning \n[CVE-2020-16998](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16998>)4.6Warning \n[CVE-2020-17076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17076>)7.2High \n[CVE-2020-17032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17032>)4.6Warning \n[CVE-2020-17071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17071>)2.1Warning \n[CVE-2020-17113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17113>)2.1Warning \n[CVE-2020-17077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17077>)7.2High \n[CVE-2020-17110](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17110>)9.3Critical \n[CVE-2020-17107](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17107>)9.3Critical \n[CVE-2020-17079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17079>)7.5Critical \n[CVE-2020-17012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17012>)4.6Warning\n\n### *KB list*:\n[4586785](<http://support.microsoft.com/kb/4586785>) \n[4586793](<http://support.microsoft.com/kb/4586793>) \n[4586787](<http://support.microsoft.com/kb/4586787>) \n[4586786](<http://support.microsoft.com/kb/4586786>) \n[4586781](<http://support.microsoft.com/kb/4586781>) \n[4586834](<http://support.microsoft.com/kb/4586834>) \n[4586830](<http://support.microsoft.com/kb/4586830>) \n[4586845](<http://support.microsoft.com/kb/4586845>) \n[4586808](<http://support.microsoft.com/kb/4586808>) \n[4586823](<http://support.microsoft.com/kb/4586823>) \n[4592449](<http://support.microsoft.com/kb/4592449>) \n[4598278](<http://support.microsoft.com/kb/4598278>) \n[4598297](<http://support.microsoft.com/kb/4598297>) \n[5001337](<http://support.microsoft.com/kb/5001337>) \n[5004238](<http://support.microsoft.com/kb/5004238>) \n[5004302](<http://support.microsoft.com/kb/5004302>) \n[5004294](<http://support.microsoft.com/kb/5004294>) \n[5004237](<http://support.microsoft.com/kb/5004237>) \n[5004244](<http://support.microsoft.com/kb/5004244>) \n[5004298](<http://support.microsoft.com/kb/5004298>) \n[5004285](<http://support.microsoft.com/kb/5004285>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "kaspersky", "title": "KLA12004 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17078", "CVE-2020-17079", "CVE-2020-17081", "CVE-2020-17082", "CVE-2020-17086", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17101", "CVE-2020-17102", "CVE-2020-17105", "CVE-2020-17106", "CVE-2020-17107", "CVE-2020-17108", "CVE-2020-17109", "CVE-2020-17110", "CVE-2020-17113"], "modified": "2022-01-18T00:00:00", "id": "KLA12004", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12004/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "Windows Kernel Local Privilege Escalation Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Kernel Cryptography Driver Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17087"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-17087", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T17:26:47", "description": "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Google Chrome FreeType Memory Corruption", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2020-15999", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "githubexploit": [{"lastseen": "2022-08-18T14:49:56", "description": "<!DOCTYPE html>\n<html dir=\"rtl\" lang=\"fa-IR\">\n\n<head>\n\t<meta cha...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T16:03:16", "type": "githubexploit", "title": "Exploit for Incorrect Conversion between Numeric Types in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17087"], "modified": "2022-08-18T02:40:47", "id": "D1090FCA-95F0-58E7-AD3C-CF926A704D6B", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-08-13T08:27:48", "description": "# CVE-2020-15999\n\nHere you will all the resources in order to ex...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-30T19:58:33", "type": "githubexploit", "title": "Exploit for Out-of-bounds Write in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-08-13T08:25:57", "id": "29E9BCA7-54F3-559F-8592-052F7EC902DA", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-29T10:08:39", "description": "# CVE-2020-15999\n\nRepositorio con un scr...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-12-30T18:02:23", "type": "githubexploit", "title": "Exploit for Out-of-bounds Write in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2020-12-30T18:05:25", "id": "8AB7F240-396E-5E7F-8F3A-483C176C91EE", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "privateArea": 1}, {"lastseen": "2022-06-10T15:05:37", "description": "# CVE-2020-15999\nCVE-2020-15999\n\nAdded font with SBIX table (bas...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-10-28T16:16:25", "type": "githubexploit", "title": "Exploit for Out-of-bounds Write in Google Chrome", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15999"], "modified": "2022-06-10T10:41:16", "id": "6E74F3AA-DE31-51CF-AFCB-E689CEE7AC4A", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "privateArea": 1}], "nessus": [{"lastseen": "2022-08-16T15:37:41", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :\n\n - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-17052)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (November 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17052"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/142691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142691);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2020-17052\");\n script_xref(name:\"MSKB\", value:\"4586827\");\n script_xref(name:\"MSKB\", value:\"4586845\");\n script_xref(name:\"MSKB\", value:\"4586768\");\n script_xref(name:\"MSFT\", value:\"MS20-4586827\");\n script_xref(name:\"MSFT\", value:\"MS20-4586845\");\n script_xref(name:\"MSFT\", value:\"MS20-4586768\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n\n script_name(english:\"Security Updates for Internet Explorer (November 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing a security update. It is, therefore, affected by the\nfollowing vulnerability :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-17052)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586827/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586845/windows-8-1-update\");\n # https://support.microsoft.com/en-us/help/4586834/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82b0555c\");\n # https://support.microsoft.com/en-us/help/4586768/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f87d3078\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4586827\n -KB4586845\n -KB4586768\n -KB4586834\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-11';\nkbs = make_list(\n '4586768',\n '4586845',\n '4586834',\n '4586827'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19867\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4586768\") ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.19867\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4586768\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.19867\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4586768\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4586768 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == \"6.3\")\n {\n report += ' - KB4586845 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-11', kb:'4586845', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4586834 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-11', kb:'4586834', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4586827 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS20-11', kb:'4586827', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n port = kb_smb_transport();\n replace_kb_item(name:'www/' + port + '/XSS', value:TRUE);\n\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-17T15:04:53", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:freetype", "p-cpe:/a:zte:cgsl_core:freetype-demos", "p-cpe:/a:zte:cgsl_core:freetype-devel", "p-cpe:/a:zte:cgsl_main:freetype", "p-cpe:/a:zte:cgsl_main:freetype-demos", "p-cpe:/a:zte:cgsl_main:freetype-devel", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0144_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/154544", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0144. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154544);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : freetype Vulnerability (NS-SA-2021-0144)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freetype packages installed that are affected\nby a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0144\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ],\n 'CGSL MAIN 5.05': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T16:13:49", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : freetype (ALSA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:freetype", "p-cpe:/a:alma:linux:freetype-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/157599", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2020:4952.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157599);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"ALSA\", value:\"2020:4952\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"AlmaLinux 8 : freetype (ALSA-2020:4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2020:4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2020-4952.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:52:45", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : freetype Vulnerability (NS-SA-2021-0061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-12-13T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0061_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/147265", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0061. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147265);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : freetype Vulnerability (NS-SA-2021-0061)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has freetype packages installed that are affected by a\nvulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'freetype-2.9.1-4.el8_3.1',\n 'freetype-debuginfo-2.9.1-4.el8_3.1',\n 'freetype-debugsource-2.9.1-4.el8_3.1',\n 'freetype-demos-2.9.1-4.el8_3.1',\n 'freetype-demos-debuginfo-2.9.1-4.el8_3.1',\n 'freetype-devel-2.9.1-4.el8_3.1'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:51:16", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freetype packages installed that are affected by a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : freetype Vulnerability (NS-SA-2021-0013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0013_FREETYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/147370", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0013. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147370);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : freetype Vulnerability (NS-SA-2021-0013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freetype packages installed that are affected\nby a vulnerability:\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL freetype packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-debuginfo-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ],\n 'CGSL MAIN 5.04': [\n 'freetype-2.8-14.el7_9.1',\n 'freetype-debuginfo-2.8-14.el7_9.1',\n 'freetype-demos-2.8-14.el7_9.1',\n 'freetype-devel-2.8-14.el7_9.1'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:51:58", "description": "According to the version of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : freetype (EulerOS-SA-2021-1598)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-12-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1598.NASL", "href": "https://www.tenable.com/plugins/nessus/147508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147508);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : freetype (EulerOS-SA-2021-1598)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1598\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc62e1ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:23:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4950 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4950)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4950.NASL", "href": "https://www.tenable.com/plugins/nessus/142470", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4950. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142470);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4950\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4950)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4950 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'freetype-devel-2.9.1-4.el8_1.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:23:03", "description": "Security Fix(es) :\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : freetype on SL7.x x86_64 (20201104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:freetype", "p-cpe:/a:fermilab:scientific_linux:freetype-debuginfo", "p-cpe:/a:fermilab:scientific_linux:freetype-demos", "p-cpe:/a:fermilab:scientific_linux:freetype-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201104_FREETYPE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/142556", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142556);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL7.x x86_64 (20201104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - freetype: Heap-based buffer overflow due to integer\n truncation in Load_SBit_Png (CVE-2020-15999)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2011&L=SCIENTIFIC-LINUX-ERRATA&P=712\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b7187c5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-debuginfo-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-demos-2.8-14.el7_9.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-devel-2.8-14.el7_9.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:23:59", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-14T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : freetype (ELSA-2020-4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-devel"], "id": "ORACLELINUX_ELSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/142895", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4952.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142895);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Oracle Linux 8 : freetype (ELSA-2020-4952)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-4952 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4952.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8'},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:01", "description": "According to the version of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2483.NASL", "href": "https://www.tenable.com/plugins/nessus/143413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143413);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2483)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2483\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc07def5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:26:16", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1565 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : freetype (ALAS-2020-1565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:freetype", "p-cpe:/a:amazon:linux:freetype-debuginfo", "p-cpe:/a:amazon:linux:freetype-demos", "p-cpe:/a:amazon:linux:freetype-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1565.NASL", "href": "https://www.tenable.com/plugins/nessus/143583", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1565.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143583);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"ALAS\", value:\"2020-1565\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Amazon Linux 2 : freetype (ALAS-2020-1565)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1565 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1565.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update freetype' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-debuginfo-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-demos-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'freetype-devel-2.8-14.amzn2.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / etc\");\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:26:17", "description": "This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:2995-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freetype2-debugsource", "p-cpe:/a:novell:suse_linux:freetype2-devel", "p-cpe:/a:novell:suse_linux:ftdump", "p-cpe:/a:novell:suse_linux:libfreetype6", "p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143803", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2995-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143803);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : freetype2 (SUSE-SU-2020:2995-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of\nembedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15999/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202995-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?778f52ba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2995=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2995=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2995=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2995=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"ftdump-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"freetype2-debugsource-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"freetype2-devel-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"ftdump-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libfreetype6-2.10.1-4.8.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.10.1-4.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:25:51", "description": "According to the version of the freetype packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : freetype (EulerOS-SA-2020-2510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "p-cpe:/a:huawei:euleros:freetype-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2510.NASL", "href": "https://www.tenable.com/plugins/nessus/144192", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144192);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS 2.0 SP8 : freetype (EulerOS-SA-2020-2510)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2510\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d16a81fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.9.1-2.h1.eulerosv2r8\",\n \"freetype-devel-2.9.1-2.h1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:50", "description": "New freetype packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-21T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : freetype (SSA:2020-294-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:freetype", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-294-01.NASL", "href": "https://www.tenable.com/plugins/nessus/141673", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-294-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141673);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"SSA\", value:\"2020-294-01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : freetype (SSA:2020-294-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New freetype packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.420341\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cf82db4\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"i486\", pkgnum:\"3_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"i486\", pkgnum:\"3_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.5.5\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"freetype\", pkgver:\"2.6.3\", pkgarch:\"i586\", pkgnum:\"3_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.6.3\", pkgarch:\"x86_64\", pkgnum:\"3_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"freetype\", pkgver:\"2.10.4\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"freetype\", pkgver:\"2.10.4\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:52", "description": "The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:freetype2", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_458DF97F144011EBAAECE0D55E2A8BF9.NASL", "href": "https://www.tenable.com/plugins/nessus/141844", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141844);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : freetype2 -- heap buffer overlfow (458df97f-1440-11eb-aaec-e0d55e2a8bf9)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The freetype project reports :\n\nA heap buffer overflow has been found in the handling of embedded PNG\nbitmaps, introduced in FreeType version 2.6.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/\"\n );\n # https://vuxml.freebsd.org/freebsd/458df97f-1440-11eb-aaec-e0d55e2a8bf9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dea85915\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.10.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:28", "description": "The remote host is affected by the vulnerability described in GLSA-202010-07 (FreeType: Arbitrary code execution)\n\n A flaw in FreeType’s handling of embedded PNG bitmaps was discovered where the image height and width was not checked to be within bounds.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted font file using FreeType possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "GLSA-202010-07 : FreeType: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202010-07.NASL", "href": "https://www.tenable.com/plugins/nessus/141837", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202010-07.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141837);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"GLSA\", value:\"202010-07\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"GLSA-202010-07 : FreeType: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202010-07\n(FreeType: Arbitrary code execution)\n\n A flaw in FreeType’s handling of embedded PNG bitmaps was discovered\n where the image height and width was not checked to be within bounds.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font\n file using FreeType possibly resulting in the execution of arbitrary code\n with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://savannah.nongnu.org/bugs/?59308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202010-07\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.10.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.10.3-r1\"), vulnerable:make_list(\"lt 2.10.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:28", "description": "Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 32 : freetype (2020-6299161e89)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-6299161E89.NASL", "href": "https://www.tenable.com/plugins/nessus/141907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6299161e89.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141907);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-6299161e89\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 32 : freetype (2020-6299161e89)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6299161e89\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"freetype-2.10.4-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:28", "description": "Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Fedora 33 : freetype (2020-768b1690f8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-768B1690F8.NASL", "href": "https://www.tenable.com/plugins/nessus/141882", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-768b1690f8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141882);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-768b1690f8\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 33 : freetype (2020-768b1690f8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to freetype 2.10.4 which fixes security flaw CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-768b1690f8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"freetype-2.10.4-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:51", "description": "This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-2020-1744)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-profile-tti35", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:ftbench", "p-cpe:/a:novell:opensuse:ftdiff", "p-cpe:/a:novell:opensuse:ftdump", "p-cpe:/a:novell:opensuse:ftgamma", "p-cpe:/a:novell:opensuse:ftgrid", "p-cpe:/a:novell:opensuse:ftinspect", "p-cpe:/a:novell:opensuse:ftlint", "p-cpe:/a:novell:opensuse:ftmulti", "p-cpe:/a:novell:opensuse:ftstring", "p-cpe:/a:novell:opensuse:ftvalid", "p-cpe:/a:novell:opensuse:ftview", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1744.NASL", "href": "https://www.tenable.com/plugins/nessus/141926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1744.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141926);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2020-1744)\");\n script_summary(english:\"Check for the openSUSE-2020-1744 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in\n the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177914\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-profile-tti35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftbench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftinspect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftlint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftmulti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftvalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-debugsource-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-devel-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"freetype2-profile-tti35-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ft2demos-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftbench-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftdiff-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftdump-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftgamma-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftgrid-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftinspect-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftlint-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftmulti-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftstring-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftvalid-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ftview-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libfreetype6-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libfreetype6-debuginfo-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-lp152.2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-lp152.2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-profile-tti35 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:22:12", "description": "This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-2020-1734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-profile-tti35", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:ftbench", "p-cpe:/a:novell:opensuse:ftdiff", "p-cpe:/a:novell:opensuse:ftdump", "p-cpe:/a:novell:opensuse:ftgamma", "p-cpe:/a:novell:opensuse:ftgrid", "p-cpe:/a:novell:opensuse:ftinspect", "p-cpe:/a:novell:opensuse:ftlint", "p-cpe:/a:novell:opensuse:ftmulti", "p-cpe:/a:novell:opensuse:ftstring", "p-cpe:/a:novell:opensuse:ftvalid", "p-cpe:/a:novell:opensuse:ftview", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1734.NASL", "href": "https://www.tenable.com/plugins/nessus/142039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1734.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142039);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2020-1734)\");\n script_summary(english:\"Check for the openSUSE-2020-1734 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 fixes the following issues :\n\n - CVE-2020-15999: fixed a heap buffer overflow found in\n the handling of embedded PNG bitmaps (bsc#1177914).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177914\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-profile-tti35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftbench\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdiff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgamma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftgrid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftinspect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftlint\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftmulti\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftvalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ftview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-debugsource-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-devel-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"freetype2-profile-tti35-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libfreetype6-debuginfo-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ft2demos-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftbench-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdiff-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftdump-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgamma-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftgrid-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftinspect-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftlint-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftmulti-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftstring-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftvalid-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"ftview-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.10.1-lp151.4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-debuginfo-2.10.1-lp151.4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-profile-tti35 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:23:03", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : freetype (RHSA-2020:4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142457", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4907. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142457);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4907\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 7 : freetype (RHSA-2020:4907)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:28", "description": "Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor Debian 9 stretch, this problem has been fixed in version 2.6.3-3.2+deb9u2.\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "Debian DLA-2415-1 : freetype security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype2-demos", "p-cpe:/a:debian:debian_linux:libfreetype6", "p-cpe:/a:debian:debian_linux:libfreetype6-dev", "p-cpe:/a:debian:debian_linux:libfreetype6-udeb", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2415.NASL", "href": "https://www.tenable.com/plugins/nessus/141910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2415-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141910);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DLA-2415-1 : freetype security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Sergei Glazunov discovered a heap-based buffer overflow vulnerability\nin the handling of embedded PNG bitmaps in FreeType. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2.6.3-3.2+deb9u2.\n\nWe recommend that you upgrade your freetype packages.\n\nFor the detailed security status of freetype please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/freetype\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/freetype\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfreetype6-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"freetype2-demos\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6-dev\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libfreetype6-udeb\", reference:\"2.6.3-3.2+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:22:34", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4593-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : FreeType vulnerability (USN-4593-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:freetype2-demos", "p-cpe:/a:canonical:ubuntu_linux:libfreetype-dev", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6-udeb"], "id": "UBUNTU_USN-4593-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141615", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4593-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141615);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"USN\", value:\"4593-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : FreeType vulnerability (USN-4593-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4593-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4593-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-udeb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2021 Canonical, Inc. / NASL script (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '16.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.6.1-0.1ubuntu2.5'},\n {'osver': '18.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '18.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.8.1-2ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'freetype2-demos', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype-dev', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6-dev', 'pkgver': '2.10.1-2ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libfreetype6-udeb', 'pkgver': '2.10.1-2ubuntu0.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype2-demos / libfreetype-dev / libfreetype6 / libfreetype6-dev / etc');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:23:03", "description": "Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-09T00:00:00", "type": "nessus", "title": "Fedora 31 : freetype (2020-6b35849edd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:freetype", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-6B35849EDD.NASL", "href": "https://www.tenable.com/plugins/nessus/142621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-6b35849edd.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142621);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"FEDORA\", value:\"2020-6b35849edd\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Fedora 31 : freetype (2020-6b35849edd)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-15999.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-6b35849edd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected freetype package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"freetype-2.10.0-4.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:52:20", "description": "According to the version of the freetype package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : freetype (EulerOS-SA-2021-1652)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/147677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147677);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : freetype (EulerOS-SA-2021-1652)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1652\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?827ccf98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:11:18", "description": "The version of Google Chrome installed on the remote host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "id": "701289.PASL", "href": "https://www.tenable.com/plugins/nnm/701289", "sourceData": "Binary data 701289.pasl", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-19T15:23:31", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4949 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4949)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4949.NASL", "href": "https://www.tenable.com/plugins/nessus/142469", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4949. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142469);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4949\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4949)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4949 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_0'\n ],\n 'rhel_e4s_8_0_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_0'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_0.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-2.9.1-4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-devel-2.9.1-4.el8_0.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']},\n {'reference':'freetype-devel-2.9.1-4.el8_0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream', 'rhel_e4s_8_0_baseos', 'rhel_e4s_8_0_highavailability', 'rhel_e4s_8_0_sap', 'rhel_e4s_8_0_sap_hana']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:26:17", "description": "This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : freetype2 (SUSE-SU-2020:2998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:freetype2-debugsource", "p-cpe:/a:novell:suse_linux:ft2demos", "p-cpe:/a:novell:suse_linux:libfreetype6", "p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2998-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143626);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLES12 Security Update : freetype2 (SUSE-SU-2020:2998-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for freetype2 fixes the following issues :\n\nCVE-2020-15999: fixed a heap buffer overflow found in the handling of\nembedded PNG bitmaps (bsc#1177914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15999/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202998-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4262263c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2998=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2998=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2998=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2998=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2998=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2998=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2998=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2998=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2998=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2998=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"freetype2-debugsource-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ft2demos-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-32bit-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-debuginfo-2.6.3-7.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libfreetype6-debuginfo-32bit-2.6.3-7.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:53", "description": "According to the version of the freetype package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2496.NASL", "href": "https://www.tenable.com/plugins/nessus/143387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143387);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS 2.0 SP9 : freetype (EulerOS-SA-2020-2496)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2496\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3cc1835a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.10.1-1.h1.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:53", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4907 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : freetype (ELSA-2020-4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:freetype", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel"], "id": "ORACLELINUX_ELSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142482", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4907.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142482);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Oracle Linux 7 : freetype (ELSA-2020-4907)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-4907 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4907.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'aarch64', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'i686', 'release':'7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:48:08", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : freetype (CESA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-devel"], "id": "CENTOS8_RHSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/145927", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4952. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145927);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4952\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"CentOS 8 : freetype (CESA-2020:4952)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4952\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:26", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4951 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4951)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4951.NASL", "href": "https://www.tenable.com/plugins/nessus/142478", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4951. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142478);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4951\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4951)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4951 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_aus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_e4s_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_2_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_2_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_2',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_2_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_eus_8_2_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_2'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_2_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_2'\n ],\n 'rhel_tus_8_2_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_2'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_2.1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_8_2_appstream', 'rhel_aus_8_2_baseos', 'rhel_e4s_8_2_appstream', 'rhel_e4s_8_2_baseos', 'rhel_e4s_8_2_highavailability', 'rhel_e4s_8_2_sap', 'rhel_e4s_8_2_sap_hana', 'rhel_eus_8_2_appstream', 'rhel_eus_8_2_baseos', 'rhel_eus_8_2_crb', 'rhel_eus_8_2_highavailability', 'rhel_eus_8_2_resilientstorage', 'rhel_eus_8_2_sap', 'rhel_eus_8_2_sap_hana', 'rhel_eus_8_2_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_2_appstream', 'rhel_tus_8_2_baseos', 'rhel_tus_8_2_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:00", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "CentOS 7 : freetype (CESA-2020:4907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:freetype", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-4907.NASL", "href": "https://www.tenable.com/plugins/nessus/142598", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4907 and\n# CentOS Errata and Security Advisory 2020:4907 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142598);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4907\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"CentOS 7 : freetype (CESA-2020:4907)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:4907 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012870.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8ccc74c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype, freetype-demos and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'freetype-2.8-14.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'freetype-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'freetype-demos-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'freetype-devel-2.8-14.el7_9.1', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-demos / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:21:50", "description": "Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "Debian DSA-4777-1 : freetype - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:freetype", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4777.NASL", "href": "https://www.tenable.com/plugins/nessus/141841", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4777. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141841);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"DSA\", value:\"4777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Debian DSA-4777-1 : freetype - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Sergei Glazunov discovered a heap-based buffer overflow vulnerability\nin the handling of embedded PNG bitmaps in FreeType. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4777\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the freetype packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 2.9.1-3+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"freetype2-demos\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"freetype2-doc\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6-dev\", reference:\"2.9.1-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libfreetype6-udeb\", reference:\"2.9.1-3+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-19T15:24:53", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-05T00:00:00", "type": "nessus", "title": "RHEL 8 : freetype (RHSA-2020:4952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2020-4952.NASL", "href": "https://www.tenable.com/plugins/nessus/142480", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4952. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142480);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\");\n script_xref(name:\"RHSA\", value:\"2020:4952\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 8 : freetype (RHSA-2020:4952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:4952 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype and / or freetype-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15999\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'freetype-devel-2.9.1-4.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'freetype / freetype-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-17T14:50:52", "description": "According to the version of the freetype package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : freetype (EulerOS-SA-2021-1585)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:freetype", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1585.NASL", "href": "https://www.tenable.com/plugins/nessus/147034", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147034);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : freetype (EulerOS-SA-2021-1585)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the freetype package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - Heap buffer overflow in Freetype in Google Chrome prior\n to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML\n page.(CVE-2020-15999)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1585\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f443aeb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected freetype package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"freetype-2.9.1-2.h1.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-23T15:11:23", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586827.NASL", "href": "https://www.tenable.com/plugins/nessus/142683", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142683);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17029\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586827\");\n script_xref(name:\"MSKB\", value:\"4586805\");\n script_xref(name:\"MSFT\", value:\"MS20-4586827\");\n script_xref(name:\"MSFT\", value:\"MS20-4586805\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586805: Windows 7 and Windows Server 2008 R2 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586827/windows-7-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586805/windows-7-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586805 or Cumulative Update KB4586827.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586827', '4586805');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586827, 4586805])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:13:09", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586817: Windows Server 2008 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17036", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17045", "CVE-2020-17051", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586817.NASL", "href": "https://www.tenable.com/plugins/nessus/142679", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142679);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17036\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17045\",\n \"CVE-2020-17051\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586817\");\n script_xref(name:\"MSKB\", value:\"4586807\");\n script_xref(name:\"MSFT\", value:\"MS20-4586817\");\n script_xref(name:\"MSFT\", value:\"MS20-4586807\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586817: Windows Server 2008 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586817/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b35330\");\n # https://support.microsoft.com/en-us/help/4586807/windows-server-2008-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a85048a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586817 or Cumulative Update KB4586807.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586817', '4586807');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586817, 4586807])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-19T15:21:30", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-1718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1718.NASL", "href": "https://www.tenable.com/plugins/nessus/141888", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1718.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141888);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1718)\");\n script_summary(english:\"Check for the openSUSE-2020-1718 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp151.2.147.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"chromium-debuginfo-86.0.4240.111-lp151.2.147.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:21:51", "description": "Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by Khalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F4722927137511EB87113065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/141790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141790);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (f4722927-1375-11eb-8711-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release includes 5 security fixes :\n\n- [1125337] High CVE-2020-16000: Inappropriate implementation in\nBlink. Reported by amaebi_jp on 2020-09-06\n\n- [1135018] High CVE-2020-16001: Use after free in media. Reported by\nKhalil Zhani on 2020-10-05\n\n- [1137630] High CVE-2020-16002: Use after free in PDFium. Reported by\nWeipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin\nGroup on 2020-10-13\n\n- [1139963] High CVE-2020-15999: Heap buffer overflow in Freetype.\nReported by Sergei Glazunov of Google Project Zero on 2020-10-19\n\n- [1134960] Medium CVE-2020-16003: Use after free in printing.\nReported by Khalil Zhani on 2020-10-04\"\n );\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?908ce031\"\n );\n # https://vuxml.freebsd.org/freebsd/f4722927-1375-11eb-8711-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1813a7fb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<86.0.4240.111\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:21:54", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2020:4351)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:chromium-browser"], "id": "REDHAT-RHSA-2020-4351.NASL", "href": "https://www.tenable.com/plugins/nessus/142008", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4351. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142008);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"RHSA\", value:\"2020:4351\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2020:4351)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4351 advisory.\n\n - freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)\n\n - chromium-browser: Inappropriate implementation in Blink (CVE-2020-16000)\n\n - chromium-browser: Use after free in media (CVE-2020-16001)\n\n - chromium-browser: Use after free in PDFium (CVE-2020-16002)\n\n - chromium-browser: Use after free in printing (CVE-2020-16003)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-16003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890210\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1890269\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium-browser package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(122, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ],\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ],\n 'rhel_extras_hpn_6': [\n 'rhel-hpn-for-rhel-6-hpc-node-rpms',\n 'rhel-hpn-for-rhel-6-server-rpms'\n ],\n 'rhel_extras_oracle_java_6': [\n 'rhel-6-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-aus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-workstation-restricted-maintenance-oracle-java-rpms',\n 'rhel-hpc-node-6-eus-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_sap_6': [\n 'rhel-sap-for-rhel-6-server-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-rpms',\n 'rhel-sap-for-rhel-6-server-eus-source-rpms',\n 'rhel-sap-for-rhel-6-server-rpms',\n 'rhel-sap-for-rhel-6-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_6': [\n 'rhel-sap-hana-for-rhel-6-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-6-server-rpms',\n 'rhel-sap-hana-for-rhel-6-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']},\n {'reference':'chromium-browser-86.0.4240.111-1.el6_10', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium-browser');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:22:33", "description": "The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141573", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141573);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:21:29", "description": "The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-20T00:00:00", "type": "nessus", "title": "Google Chrome < 86.0.4240.111 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_86_0_4240_111.NASL", "href": "https://www.tenable.com/plugins/nessus/141574", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141574);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 86.0.4240.111 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?908ce031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1125337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1135018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1137630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1139963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1134960\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 86.0.4240.111 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'86.0.4240.111', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:21:08", "description": "This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2020-1737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1737.NASL", "href": "https://www.tenable.com/plugins/nessus/141929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1737.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141929);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2020-1737)\");\n script_summary(english:\"Check for the openSUSE-2020-1737 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n - Update to 86.0.4240.111 boo#1177936\n\n - CVE-2020-16000: Inappropriate implementation in Blink.\n\n - CVE-2020-16001: Use after free in media.\n\n - CVE-2020-16002: Use after free in PDFium.\n\n - CVE-2020-15999: Heap buffer overflow in Freetype.\n\n - CVE-2020-16003: Use after free in printing.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177936\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-86.0.4240.111-lp152.2.42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-86.0.4240.111-lp152.2.42.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-19T15:21:29", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-22T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_86_0_622_51.NASL", "href": "https://www.tenable.com/plugins/nessus/141815", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141815);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16000\",\n \"CVE-2020-16001\",\n \"CVE-2020-16002\",\n \"CVE-2020-16003\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected\nby multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this\nissue but has instead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?083510ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 86.0.622.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16003\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '86.0.622.51' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-23T15:11:43", "description": "The remote host is affected by the vulnerability described in GLSA-202011-12 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "GLSA-202011-12 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16016"], "modified": "2021-12-14T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202011-12.NASL", "href": "https://www.tenable.com/plugins/nessus/142833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202011-12.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142833);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/14\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16004\", \"CVE-2020-16005\", \"CVE-2020-16006\", \"CVE-2020-16008\", \"CVE-2020-16009\", \"CVE-2020-16016\");\n script_xref(name:\"GLSA\", value:\"202011-12\");\n script_xref(name:\"IAVA\", value:\"2020-A-0530-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"GLSA-202011-12 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202011-12\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202011-12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-86.0.4240.193'\n All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-86.0.4240.193'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16016\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 86.0.4240.193\"), vulnerable:make_list(\"lt 86.0.4240.193\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 86.0.4240.193\"), vulnerable:make_list(\"lt 86.0.4240.193\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-23T15:12:32", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17087", "CVE-2020-17088"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586845.NASL", "href": "https://www.tenable.com/plugins/nessus/142686", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142686);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586823\");\n script_xref(name:\"MSKB\", value:\"4586845\");\n script_xref(name:\"MSFT\", value:\"MS20-4586823\");\n script_xref(name:\"MSFT\", value:\"MS20-4586845\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586823: Windows 8.1 and Windows Server 2012 R2 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586823/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4586845/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586823 or Cumulative Update KB4586845.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586823', '4586845');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586823, 4586845])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:13:10", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586793.NASL", "href": "https://www.tenable.com/plugins/nessus/142693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142693);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\"\n );\n script_xref(name:\"MSKB\", value:\"4586793\");\n script_xref(name:\"MSFT\", value:\"MS20-4586793\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586793: Windows 10 Version 1809 and Windows Server 2019 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586793/windows-10-update-kb4586793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92d059c3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586793.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:11:47", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586808: Windows Server 2012 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17029", "CVE-2020-17036", "CVE-2020-17038", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17047", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17056", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17088"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586834.NASL", "href": "https://www.tenable.com/plugins/nessus/142687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142687);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17029\",\n \"CVE-2020-17036\",\n \"CVE-2020-17038\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17047\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17056\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17088\"\n );\n script_xref(name:\"MSKB\", value:\"4586808\");\n script_xref(name:\"MSKB\", value:\"4586834\");\n script_xref(name:\"MSFT\", value:\"MS20-4586808\");\n script_xref(name:\"MSFT\", value:\"MS20-4586834\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n\n script_name(english:\"KB4586808: Windows Server 2012 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586808/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0d6d9b2\");\n # https://support.microsoft.com/en-us/help/4586834/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?82b0555c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4586808 or Cumulative Update KB4586834.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586808', '4586834');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586808, 4586834])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:12:40", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17012", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586786.NASL", "href": "https://www.tenable.com/plugins/nessus/142680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142680);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17010\",\n \"CVE-2020-17011\",\n \"CVE-2020-17012\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17073\",\n \"CVE-2020-17074\",\n \"CVE-2020-17075\",\n \"CVE-2020-17076\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586786\");\n script_xref(name:\"MSFT\", value:\"MS20-4586786\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586786/windows-10-update-kb4586786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7e34577\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586786.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586786');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586786])\n || \n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586786])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:12:33", "description": "The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586781: Windows 10 Version 2004 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17013", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17030", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17053", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17070", "CVE-2020-17071", "CVE-2020-17073", "CVE-2020-17074", "CVE-2020-17075", "CVE-2020-17076", "CVE-2020-17077", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17090", "CVE-2020-17113"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586781.NASL", "href": "https://www.tenable.com/plugins/nessus/142684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142684);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17010\",\n \"CVE-2020-17011\",\n \"CVE-2020-17013\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17030\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17053\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17070\",\n \"CVE-2020-17071\",\n \"CVE-2020-17073\",\n \"CVE-2020-17074\",\n \"CVE-2020-17075\",\n \"CVE-2020-17076\",\n \"CVE-2020-17077\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17090\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586781\");\n script_xref(name:\"MSFT\", value:\"MS20-4586781\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586781: Windows 10 Version 2004 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Windows installation on the remote host is missing security update 4586781. It is, therefore,\n affected by multiple vulnerabilities. Please review the vendor advisory for more details.\");\n # https://support.microsoft.com/en-us/help/4586781/windows-10-update-kb4586781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bdf4d2e0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586781])\n||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19042\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:13:14", "description": "The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1599", "CVE-2020-16997", "CVE-2020-16998", "CVE-2020-16999", "CVE-2020-17000", "CVE-2020-17001", "CVE-2020-17004", "CVE-2020-17007", "CVE-2020-17010", "CVE-2020-17011", "CVE-2020-17014", "CVE-2020-17024", "CVE-2020-17025", "CVE-2020-17026", "CVE-2020-17027", "CVE-2020-17028", "CVE-2020-17029", "CVE-2020-17031", "CVE-2020-17032", "CVE-2020-17033", "CVE-2020-17034", "CVE-2020-17035", "CVE-2020-17036", "CVE-2020-17037", "CVE-2020-17038", "CVE-2020-17040", "CVE-2020-17041", "CVE-2020-17042", "CVE-2020-17043", "CVE-2020-17044", "CVE-2020-17045", "CVE-2020-17046", "CVE-2020-17047", "CVE-2020-17048", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17052", "CVE-2020-17054", "CVE-2020-17055", "CVE-2020-17056", "CVE-2020-17057", "CVE-2020-17058", "CVE-2020-17068", "CVE-2020-17069", "CVE-2020-17071", "CVE-2020-17075", "CVE-2020-17087", "CVE-2020-17088", "CVE-2020-17113"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_NOV_4586830.NASL", "href": "https://www.tenable.com/plugins/nessus/142690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142690);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-1599\",\n \"CVE-2020-16997\",\n \"CVE-2020-16998\",\n \"CVE-2020-16999\",\n \"CVE-2020-17000\",\n \"CVE-2020-17001\",\n \"CVE-2020-17004\",\n \"CVE-2020-17007\",\n \"CVE-2020-17011\",\n \"CVE-2020-17014\",\n \"CVE-2020-17024\",\n \"CVE-2020-17025\",\n \"CVE-2020-17026\",\n \"CVE-2020-17027\",\n \"CVE-2020-17028\",\n \"CVE-2020-17029\",\n \"CVE-2020-17031\",\n \"CVE-2020-17032\",\n \"CVE-2020-17033\",\n \"CVE-2020-17034\",\n \"CVE-2020-17035\",\n \"CVE-2020-17036\",\n \"CVE-2020-17037\",\n \"CVE-2020-17038\",\n \"CVE-2020-17040\",\n \"CVE-2020-17041\",\n \"CVE-2020-17042\",\n \"CVE-2020-17043\",\n \"CVE-2020-17044\",\n \"CVE-2020-17045\",\n \"CVE-2020-17046\",\n \"CVE-2020-17047\",\n \"CVE-2020-17048\",\n \"CVE-2020-17049\",\n \"CVE-2020-17051\",\n \"CVE-2020-17052\",\n \"CVE-2020-17054\",\n \"CVE-2020-17055\",\n \"CVE-2020-17056\",\n \"CVE-2020-17057\",\n \"CVE-2020-17058\",\n \"CVE-2020-17068\",\n \"CVE-2020-17069\",\n \"CVE-2020-17071\",\n \"CVE-2020-17075\",\n \"CVE-2020-17087\",\n \"CVE-2020-17088\",\n \"CVE-2020-17113\"\n );\n script_xref(name:\"MSKB\", value:\"4586830\");\n script_xref(name:\"MSFT\", value:\"MS20-4586830\");\n script_xref(name:\"IAVA\", value:\"2020-A-0512-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0513-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0518-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0521-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft 4586830 Product is missing security updates.\n\n - Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2020-16997)\n\n - DirectX Elevation of Privilege Vulnerability (CVE-2020-16998)\n\n - Windows WalletService Information Disclosure Vulnerability (CVE-2020-16999)\n\n - Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2020-17000)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17014.\n (CVE-2020-17001)\n\n - Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-17004)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17044. (CVE-2020-17055)\n\n - Windows Network File System Information Disclosure Vulnerability (CVE-2020-17056)\n\n - Windows Win32k Elevation of Privilege Vulnerability (CVE-2020-17057)\n\n - Windows GDI+ Remote Code Execution Vulnerability (CVE-2020-17068)\n\n - Windows NDIS Information Disclosure Vulnerability (CVE-2020-17069)\n\n - Windows Delivery Optimization Information Disclosure Vulnerability (CVE-2020-17071)\n\n - Windows USO Core Worker Elevation of Privilege Vulnerability (CVE-2020-17075)\n\n - Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087)\n\n - Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2020-17088)\n\n - Windows Camera Codec Information Disclosure Vulnerability (CVE-2020-17113)\n\n - Windows Spoofing Vulnerability (CVE-2020-1599)\n\n - Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-17007)\n\n - Windows Port Class Library Elevation of Privilege Vulnerability (CVE-2020-17011)\n\n - Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17001.\n (CVE-2020-17014)\n\n - Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability (CVE-2020-17024)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17026,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17025)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17026)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17027)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17028)\n\n - Windows Canonical Display Driver Information Disclosure Vulnerability (CVE-2020-17029)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17031)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17033, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17032)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17034,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17033)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17043, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17034)\n\n - Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-17035)\n\n - Windows Function Discovery SSDP Provider Information Disclosure Vulnerability (CVE-2020-17036)\n\n - Windows WalletService Elevation of Privilege Vulnerability (CVE-2020-17037)\n\n - Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010. (CVE-2020-17038)\n\n - Windows Hyper-V Security Feature Bypass Vulnerability (CVE-2020-17040)\n\n - Windows Print Configuration Elevation of Privilege Vulnerability (CVE-2020-17041)\n\n - Windows Print Spooler Remote Code Execution Vulnerability (CVE-2020-17042)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17044, CVE-2020-17055. (CVE-2020-17043)\n\n - Windows Remote Access Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17025,\n CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033,\n CVE-2020-17034, CVE-2020-17043, CVE-2020-17055. (CVE-2020-17044)\n\n - Windows KernelStream Information Disclosure Vulnerability (CVE-2020-17045)\n\n - Windows Error Reporting Denial of Service Vulnerability (CVE-2020-17046)\n\n - Windows Network File System Denial of Service Vulnerability (CVE-2020-17047)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.\n (CVE-2020-17048)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)\n\n - Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)\n\n - Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17048.\n (CVE-2020-17054)\n\n - Microsoft Browser Memory Corruption Vulnerability (CVE-2020-17058)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://support.microsoft.com/en-us/help/4586830/windows-10-update-kb4586830\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8c32243\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586830.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17051\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-11\";\nkbs = make_list('4586830');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"11_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586830])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:38:42", "description": "This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2020-2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaFirefox", "p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream", "p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols", "p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo", "p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource", "p-cpe:/a:novell:opensuse:MozillaFirefox-devel", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common", "p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/143352", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2020.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143352);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16012\", \"CVE-2020-26951\", \"CVE-2020-26953\", \"CVE-2020-26956\", \"CVE-2020-26958\", \"CVE-2020-26959\", \"CVE-2020-26960\", \"CVE-2020-26961\", \"CVE-2020-26965\", \"CVE-2020-26966\", \"CVE-2020-26968\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : MozillaFirefox (openSUSE-2020-2020)\");\n script_summary(english:\"Check for the openSUSE-2020-2020 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\n - Firefox Extended Support Release 78.5.0 ESR\n (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178824\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected MozillaFirefox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debuginfo-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-debugsource-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-devel-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-common-78.5.0-lp152.2.30.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"MozillaFirefox-translations-other-78.5.0-lp152.2.30.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox / MozillaFirefox-branding-upstream / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:42:44", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3383-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143745", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3383-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143745);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16012\", \"CVE-2020-26951\", \"CVE-2020-26953\", \"CVE-2020-26956\", \"CVE-2020-26958\", \"CVE-2020-26959\", \"CVE-2020-26960\", \"CVE-2020-26961\", \"CVE-2020-26965\", \"CVE-2020-26966\", \"CVE-2020-26968\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26953/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26959/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26968/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203383-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e3eae17\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3383=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debuginfo-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-debugsource-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-devel-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-common-78.5.0-3.119.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"MozillaFirefox-translations-other-78.5.0-3.119.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:10:48", "description": "This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006, CVE-2020-16007, CVE-2020-16008, CVE-2020-16009, CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002, CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at opera::TabCyclerView::HighlightContents (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 Pages are rendered in dark mode when force dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to design\n\n - DNA-89305 Crash after closing Downloads pop-up", "cvss3": {"score": 9.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}, "published": "2020-11-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2020-1952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16000", "CVE-2020-16001", "CVE-2020-16002", "CVE-2020-16003", "CVE-2020-16004", "CVE-2020-16005", "CVE-2020-16006", "CVE-2020-16007", "CVE-2020-16008", "CVE-2020-16009", "CVE-2020-16011"], "modified": "2021-12-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/143001", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1952.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143001);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/14\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16000\", \"CVE-2020-16001\", \"CVE-2020-16002\", \"CVE-2020-16003\", \"CVE-2020-16004\", \"CVE-2020-16005\", \"CVE-2020-16006\", \"CVE-2020-16007\", \"CVE-2020-16008\", \"CVE-2020-16009\", \"CVE-2020-16011\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2020-1952)\");\n script_summary(english:\"Check for the openSUSE-2020-1952 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nOpera was updated to version 72.0.3815.320\n\n - CHR-8177 Update chromium on desktop-stable-86-3815 to\n 86.0.4240.183\n\n - DNA-89748 ‘Manage Extensions’ dialog is\n displayed with preloaded extensions\n\n - DNA-89766 Address bar does not respond to actions\n\n - The update to chromium 86.0.4240.183 fixes following\n issues: CVE-2020-16004, CVE-2020-16005, CVE-2020-16006,\n CVE-2020-16007, CVE-2020-16008, CVE-2020-16009,\n CVE-2020-16011\n\n - Update to version 72.0.3815.200\n\n - DNA-87150 Speed Dial tile can’t be dragged to\n proper place\n\n - DNA-89632 Improve hovering over icons\n\n - DNA-89647 [Light mode] Wrong URL color in ‘Add\n Site’ section\n\n - DNA-89791 Typo in Spanish\n\n - The update to chromium 86.0.4240.111 fixes following\n issues: CVE-2020-16000, CVE-2020-16001, CVE-2020-16002,\n CVE-2020-15999, CVE-2020-16003\n\n - Complete Opera 72.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-72/\n\n - Update to version 71.0.3770.271\n\n - DNA-88353 Crash at\n opera::TabCyclerView::HighlightContents\n (content::WebContents*, bool)\n\n - DNA-89177 Device update request should only be called\n when FCM token has changed\n\n - DNA-89186 Handle device expired case in all server calls\n\n - DNA-89202 Pages are rendered in dark mode when force\n dark mode prefs were synced from Opera GX\n\n - DNA-89247 [Mac] Fullscreen video broken if sidebar is\n hidden\n\n - DNA-89298 Some elements of VPN popup are misaligned to\n design\n\n - DNA-89305 Crash after closing Downloads pop-up\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.opera.com/desktop/changelog-for-72/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-16011\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"opera-72.0.3815.320-lp151.2.33.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-72.0.3815.320-lp152.2.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:20:53", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14548-1 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (CVE-2020-16012)\n\n - A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26951)\n\n - It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26953)\n\n - In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26956)\n\n - Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26958)\n\n - During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26959)\n\n - If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26960)\n\n - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26961)\n\n - Some websites have a feature Show Password where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.\n (CVE-2020-26965)\n\n - Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26966)\n\n - Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26968)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14548-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150523", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14548-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150523);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14548-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0486-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0533-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14548-1 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\n - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote\n attacker to leak cross-origin data via a crafted HTML page. (CVE-2020-16012)\n\n - A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even\n after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal\n pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox <\n 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26951)\n\n - It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus\n making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects\n Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26953)\n\n - In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and\n therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird <\n 78.5. (CVE-2020-26956)\n\n - Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and\n cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a\n Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and\n Thunderbird < 78.5. (CVE-2020-26958)\n\n - During browser shutdown, reference decrementing could have occured on a previously freed object, resulting\n in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects\n Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26959)\n\n - If the Compact() method was called on an nsTArray, the array could have been reallocated without updating\n other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects\n Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26960)\n\n - When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses\n as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through\n IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This\n vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26961)\n\n - Some websites have a feature Show Password where clicking a button will change a password field into a\n textbook field, revealing the typed password. If, when using a software keyboard that remembers user\n input, a user typed their password and used that feature, the type of the password field was changed,\n resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed\n password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.\n (CVE-2020-26965)\n\n - Searching for a single word from the address bar caused an mDNS request to be sent on the local network\n searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue\n only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability\n affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26966)\n\n - Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these\n bugs showed evidence of memory corruption and we presume that with enough effort some of these could have\n been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and\n Thunderbird < 78.5. (CVE-2020-26968)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178824\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-November/007825.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60b8c5b3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15999\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26951\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-26968\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected MozillaFirefox, MozillaFirefox-translations-common and / or MozillaFirefox-translations-other\npackages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'MozillaFirefox-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'MozillaFirefox-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-common-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'MozillaFirefox-translations-other-78.5.0-78.105', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaFirefox / MozillaFirefox-translations-common / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:44:32", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3548-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3548-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3548-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143741);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16012\", \"CVE-2020-26951\", \"CVE-2020-26953\", \"CVE-2020-26956\", \"CVE-2020-26958\", \"CVE-2020-26959\", \"CVE-2020-26960\", \"CVE-2020-26961\", \"CVE-2020-26965\", \"CVE-2020-26966\", \"CVE-2020-26968\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3548-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26953/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26959/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26968/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203548-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dd2a5f3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3548=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3548=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3548=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3548=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3548=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3548=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3548=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3548=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3548=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3548=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debuginfo-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-debugsource-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-devel-78.5.0-112.36.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"MozillaFirefox-translations-common-78.5.0-112.36.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:42:40", "description": "This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966: Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:MozillaFirefox", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo", "p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource", "p-cpe:/a:novell:suse_linux:MozillaFirefox-devel", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common", "p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3458-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3458-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143723);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16012\", \"CVE-2020-26951\", \"CVE-2020-26953\", \"CVE-2020-26956\", \"CVE-2020-26958\", \"CVE-2020-26959\", \"CVE-2020-26960\", \"CVE-2020-26961\", \"CVE-2020-26965\", \"CVE-2020-26966\", \"CVE-2020-26968\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaFirefox fixes the following issues :\n\nFirefox Extended Support Release 78.5.0 ESR (bsc#1178824)\n\n - CVE-2020-26951: Parsing mismatches could confuse and\n bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012: Variable time processing of cross-origin\n images during drawImage calls\n\n - CVE-2020-26953: Fullscreen could be enabled without\n displaying the security UI\n\n - CVE-2020-26956: XSS through paste (manual and clipboard\n API)\n\n - CVE-2020-26958: Requests intercepted through\n ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959: Use-after-free in WebRequestService\n\n - CVE-2020-26960: Potential use-after-free in uses of\n nsTArray\n\n - CVE-2020-15999: Heap buffer overflow in freetype\n\n - CVE-2020-26961: DoH did not filter IPv4 mapped IP\n Addresses\n\n - CVE-2020-26965: Software keyboards may have remembered\n typed passwords\n\n - CVE-2020-26966: Single-word search queries were also\n broadcast to local network\n\n - CVE-2020-26968: Memory safety bugs fixed in Firefox 83\n and Firefox ESR 78.5\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26953/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26958/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26959/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26965/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26966/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-26968/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203458-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a37a871d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP2-2020-3458=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations-other\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debuginfo-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-debugsource-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-devel-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-common-78.5.0-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"MozillaFirefox-translations-other-78.5.0-8.17.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MozillaFirefox\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:39:41", "description": "The version of Firefox ESR installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-17T00:00:00", "type": "nessus", "title": "Mozilla Firefox ESR < 78.5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:mozilla:firefox_esr"], "id": "MOZILLA_FIREFOX_78_5_ESR.NASL", "href": "https://www.tenable.com/plugins/nessus/142913", "sourceData": "## \n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Mozilla Foundation Security Advisory mfsa2020-51.\n# The text itself is copyright (C) Mozilla Foundation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142913);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-15999\",\n \"CVE-2020-16012\",\n \"CVE-2020-26951\",\n \"CVE-2020-26953\",\n \"CVE-2020-26956\",\n \"CVE-2020-26958\",\n \"CVE-2020-26959\",\n \"CVE-2020-26960\",\n \"CVE-2020-26961\",\n \"CVE-2020-26965\",\n \"CVE-2020-26966\",\n \"CVE-2020-26968\"\n );\n script_xref(name:\"MFSA\", value:\"2020-51\");\n script_xref(name:\"IAVA\", value:\"2020-A-0537-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Mozilla Firefox ESR < 78.5\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Firefox ESR installed on the remote Windows host is prior to 78.5. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mfsa2020-51 advisory.\n\n - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox ESR version 78.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-26968\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox_esr\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude('mozilla_version.inc');\n\nport = get_kb_item('SMB/transport');\nif (!port) port = 445;\n\ninstalls = get_kb_list('SMB/Mozilla/Firefox/*');\nif (isnull(installs)) audit(AUDIT_NOT_INST, 'Firefox');\n\nmozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'78.5', min:'78.0.0', xss:TRUE, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-16T15:38:37", "description": "This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now wait for 'mail-delayed-startup-finished' event (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function (bmo#1663321)\n\n - fixed: Various theme and usability improvements (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code\n\n - CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls\n\n - CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI\n\n - CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API)\n\n - CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions\n\n - CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService\n\n - CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray\n\n - CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype\n\n - CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses\n\n - CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords\n\n - CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network\n\n - CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, bmo#1671923) Memory safety bugs fixed in Thunderbird 78.5\n\n - Mozilla Thunderbird 78.4.3 \n\n - fixed: User interface was inconsistent when switching from the default theme to the dark theme and back to the default theme (bmo#1659282)\n\n - fixed: Email subject would disappear when hovering over it with the mouse when using Windows 7 Classic theme (bmo#1675970)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2096)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15999", "CVE-2020-16012", "CVE-2020-26951", "CVE-2020-26953", "CVE-2020-26956", "CVE-2020-26958", "CVE-2020-26959", "CVE-2020-26960", "CVE-2020-26961", "CVE-2020-26965", "CVE-2020-26966", "CVE-2020-26968"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:MozillaThunderbird", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo", "p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common", "p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2096.NASL", "href": "https://www.tenable.com/plugins/nessus/143357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2096.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143357);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2020-15999\", \"CVE-2020-16012\", \"CVE-2020-26951\", \"CVE-2020-26953\", \"CVE-2020-26956\", \"CVE-2020-26958\", \"CVE-2020-26959\", \"CVE-2020-26960\", \"CVE-2020-26961\", \"CVE-2020-26965\", \"CVE-2020-26966\", \"CVE-2020-26968\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2096)\");\n script_summary(english:\"Check for the openSUSE-2020-2096 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for MozillaThunderbird fixes the following issues :\n\nTODO\n\n - Mozilla Thunderbird 78.5.0\n\n - new: OpenPGP: Added option to disable attaching the\n public key to a signed message (bmo#1654950)\n\n - new: MailExtensions: 'compose_attachments' context added\n to Menus API (bmo#1670822)\n\n - new: MailExtensions: Menus API now available on\n displayed messages (bmo#1670825)\n\n - changed: MailExtensions: browser.tabs.create will now\n wait for 'mail-delayed-startup-finished' event\n (bmo#1674407)\n\n - fixed: OpenPGP: Support for inline PGP messages improved\n (bmo#1672851)\n\n - fixed: OpenPGP: Message security dialog showed\n unverified keys as unavailable (bmo#1675285)\n\n - fixed: Chat: New chat contact menu item did not function\n (bmo#1663321)\n\n - fixed: Various theme and usability improvements\n (bmo#1673861)\n\n - fixed: Various security fixes MFSA 2020-52 (bsc#1178894)\n\n - CVE-2020-26951 (bmo#1667113) Parsing mismatches could\n confuse and bypass security sanitizer