CVE-2015-5928

2015-10-23T00:00:00

Description

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. #### Notes Author| Note ---|--- [jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	upstream	qtwebkit-opensource-src	any
ubuntu	upstream	qtwebkit-source	any
ubuntu	upstream	webkit	any
ubuntu	14.04	webkitgtk	trusty was released [2.4.10-0ubuntu0.14.04.1]
ubuntu	upstream	webkitgtk	any
ubuntu	15.10	webkitgtk	2.4.10-0ubuntu0.15.10.1
ubuntu	16.04	webkitgtk	2.4.10-0ubuntu1
ubuntu	16.10	webkitgtk	2.4.10-0ubuntu1

{"id": "UB:CVE-2015-5928", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2015-5928", "description": "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes\nbefore 12.3.1, allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted\nweb site, a different vulnerability than other WebKit CVEs listed in\nAPPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8\n", "published": "2015-10-23T00:00:00", "modified": "2015-10-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2015-5928", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928", "https://support.apple.com/HT205377", "https://support.apple.com/HT205372", "https://support.apple.com/HT205370", "http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html", "http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html", "http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html", "https://ubuntu.com/security/notices/USN-2937-1", "https://nvd.nist.gov/vuln/detail/CVE-2015-5928", "https://launchpad.net/bugs/cve/CVE-2015-5928", "https://security-tracker.debian.org/tracker/CVE-2015-5928"], "cvelist": ["CVE-2015-5928"], "immutableFields": [], "lastseen": "2022-08-04T14:14:42", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5928"]}, {"type": "fedora", "idList": ["FEDORA:333BF6016168", "FEDORA:568856077DDB", "FEDORA:9981A609AE8A", "FEDORA:E319A6098B3F", "FEDORA:EBF24604237F"]}, {"type": "kaspersky", "idList": ["KLA10685"]}, {"type": "mageia", "idList": ["MGASA-2016-0116", "MGASA-2016-0120"]}, {"type": "nessus", "idList": ["9028.PRM", "9328.PRM", "APPLE_IOS_91_CHECK.NBIN", "FEDORA_2016-1A7F7FFB58.NASL", "FEDORA_2016-5D6D75DBEA.NASL", "FEDORA_2016-9EC1850FFF.NASL", "FEDORA_2016-A4FCB02D6B.NASL", "FEDORA_2016-FDE7FFCB77.NASL", "ITUNES_12_3_1.NASL", "ITUNES_12_3_1_BANNER.NASL", "MACOSX_SAFARI9_0_1.NASL", "OPENSUSE-2016-412.NASL", "UBUNTU_USN-2937-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310131278", "OPENVAS:1361412562310131282", "OPENVAS:1361412562310806608", "OPENVAS:1361412562310806609", "OPENVAS:1361412562310807720", "OPENVAS:1361412562310807724", "OPENVAS:1361412562310807742", "OPENVAS:1361412562310842701"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32563", "SECURITYVULNS:DOC:32565", "SECURITYVULNS:DOC:32567", "SECURITYVULNS:VULN:14696", "SECURITYVULNS:VULN:14698", "SECURITYVULNS:VULN:14700"]}, {"type": "ubuntu", "idList": ["USN-2937-1"]}]}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-5928"]}, {"type": "fedora", "idList": ["FEDORA:E319A6098B3F"]}, {"type": "kaspersky", "idList": ["KLA10685"]}, {"type": "nessus", "idList": ["MACOSX_SAFARI9_0_1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310131278"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14696"]}]}, "exploitation": null, "vulnersScore": 2.0}, "_state": {"dependencies": 1659998956, "score": 1659905368}, "_internal": {"score_hash": "bdac98cbd02a08b92d89d09d6036672b"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtwebkit-opensource-src"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "qtwebkit-source"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "webkit"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [2.4.10-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "webkitgtk"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "webkitgtk"}, {"OS": "ubuntu", "OSVersion": "15.10", "arch": "noarch", "packageVersion": "2.4.10-0ubuntu0.15.10.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "webkitgtk"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "2.4.10-0ubuntu1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "webkitgtk"}, {"OS": "ubuntu", "OSVersion": "16.10", "arch": "noarch", "packageVersion": "2.4.10-0ubuntu1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "webkitgtk"}], "bugs": []}

{"cve": [{"lastseen": "2022-03-23T13:11:07", "description": "WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.", "cvss3": {}, "published": "2015-10-23T21:59:00", "type": "cve", "title": "CVE-2015-5928", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5928"], "modified": "2016-12-24T02:59:00", "cpe": ["cpe:/a:apple:itunes:12.3.0", "cpe:/a:apple:safari:9.0", "cpe:/o:apple:iphone_os:9.0.2"], "id": "CVE-2015-5928", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5928", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:safari:9.0:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-3 Safari 9.0.1\r\n\r\nSafari 9.0.1 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan v10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-5931\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7011 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7013 : Apple\r\nCVE-2015-7014\r\n\r\nInstallation note:\r\n\r\nSafari 9.0.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-3 Safari 9.0.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32565", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32565", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-5 iTunes 12.3.1\r\n\r\niTunes 12.3.1 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may result in unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-5931\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7011 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7013 : Apple\r\nCVE-2015-7014\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: Applications that use CoreText may be vulnerable to\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. These issues were addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nInstallation note:\r\n\r\niTunes 12.3.1 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nYou may also update to the latest version of iTunes via Apple\r\nSoftware Update, which can be found in the Start menu.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-5 iTunes 12.3.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-6992", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7017", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32567", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32567", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-1 iOS 9.1\r\n\r\niOS 9.1 is now available and addresses the following:\r\n\r\nAccelerate Framework\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in the Accelerate\r\nFramework in multi-threading mode. This issue was addressed through\r\nimproved accessor element validation and improved object locking.\r\nCVE-ID\r\nCVE-2015-5940 : Apple\r\n\r\nBom\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unpacking a maliciously crafted archive may lead to\r\narbitrary code execution\r\nDescription: A file traversal vulnerability existed in the handling\r\nof CPIO archives. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2015-7006 : Mark Dowd at Azimuth Security\r\n\r\nCFNetwork\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to cookies\r\nbeing overwritten\r\nDescription: A parsing issue existed when handling cookies with\r\ndifferent letter casing. This issue was addressed through improved\r\nparsing.\r\nCVE-ID\r\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\r\nTsinghua University, Jian Jiang of University of California,\r\nBerkeley, Haixin Duan of Tsinghua University and International\r\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\r\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\r\nScience Institute and University of California, Berkeley, coordinated\r\nvia CERT/CC\r\n\r\nconfigd\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to elevate privileges\r\nDescription: A heap based buffer overflow issue existed in the DNS\r\nclient library. A malicious application with the ability to spoof\r\nresponses from the local configd service may have been able to cause\r\narbitrary code execution in DNS clients.\r\nCVE-ID\r\nCVE-2015-7015 : PanguTeam\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in\r\nCoreGraphics. These issues were addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5925 : Apple\r\nCVE-2015-5926 : Apple\r\n\r\nCoreText\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDisk Images\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in the parsing of\r\ndisk images. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6995 : Ian Beer of Google Project Zero\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of font files. These issues were addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-5927 : Apple\r\nCVE-2015-5942\r\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero\r\nDay Initiative\r\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nGasGauge\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6979 : PanguTeam\r\n\r\nGrand Central Dispatch\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted package may lead to\r\narbitrary code execution\r\nDescription: A memory corruption issue existed when handling\r\ndispatch calls. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6989 : Apple\r\n\r\nGraphics Driver\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: A type confusion issue existed in AppleVXD393. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted image file may lead to\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nparsing of image metadata. These issues was addressed through\r\nimproved metadata validation.\r\nCVE-ID\r\nCVE-2015-5935 : Apple\r\nCVE-2015-5936 : Apple\r\nCVE-2015-5937 : Apple\r\nCVE-2015-5939 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in\r\nIOAcceleratorFamily. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-6996 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: A memory corruption issue existed in the kernel. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An input validation issue existed in the kernel. This\r\nissue was addressed through improved input validation.\r\nCVE-ID\r\nCVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto execute arbitrary code\r\nDescription: An uninitialized memory issue existed in the kernel.\r\nThis issue was addressed through improved memory initialization.\r\nCVE-ID\r\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local application may be able to cause a denial of service\r\nDescription: An issue existed when reusing virtual memory. This\r\nissue was addressed through improved validation.\r\nCVE-ID\r\nCVE-2015-6994 : Mark Mentovai of Google Inc.\r\n\r\nNotification Center\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Phone and Messages notifications may appear on the lock\r\nscreen even when disabled\r\nDescription: When "Show on Lock Screen" was turned off for Phone or\r\nMessages, configuration changes were not immediately applied. This\r\nissue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2015-7000 : William Redwood of Hampton School\r\n\r\nOpenGL\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A memory corruption issue existed in OpenGL. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5924 : Apple\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to overwrite arbitrary\r\nfiles\r\nDescription: A double free issue existed in the handling of\r\nAtomicBufferedFile descriptors. This issue was addressed through\r\nimproved validation of AtomicBufferedFile descriptors.\r\nCVE-ID\r\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\r\nUlanov from the Chrome Team\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may be able to make a revoked certificate appear\r\nvalid\r\nDescription: A validation issue existed in the OCSP client. This\r\nissue was addressed by checking the OCSP certificate's expiration\r\ntime.\r\nCVE-ID\r\nCVE-2015-6999 : Apple\r\n\r\nSecurity\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A trust evaluation configured to require revocation checking\r\nmay succeed even if revocation checking fails\r\nDescription: The kSecRevocationRequirePositiveResponse flag was\r\nspecified but not implemented. This issue was addressed by\r\nimplementing the flag.\r\nCVE-ID\r\nCVE-2015-6997 : Apple\r\n\r\nTelephony\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to leak sensitive user\r\ninformation\r\nDescription: An issue existed in the authorization checks for\r\nquerying phone call status. This issue was addressed through\r\nadditional authorization state queries.\r\nCVE-ID\r\nCVE-2015-7022 : Andreas Kurtz of NESO Security Labs\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-6981\r\nCVE-2015-6982\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7005 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7014\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "9.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-1 iOS 9.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7022", "CVE-2015-6976", "CVE-2015-5927", "CVE-2015-7005", "CVE-2015-6975", "CVE-2015-7004", "CVE-2015-7002", "CVE-2015-6982", "CVE-2015-5924", "CVE-2015-6979", "CVE-2015-6983", "CVE-2015-5939", "CVE-2015-6991", "CVE-2015-7014", "CVE-2015-6994", "CVE-2015-6992", "CVE-2015-6977", "CVE-2015-5940", "CVE-2015-6997", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-5935", "CVE-2015-6986", "CVE-2015-7010", "CVE-2015-7008", "CVE-2015-5929", "CVE-2015-5937", "CVE-2015-7023", "CVE-2015-6993", "CVE-2015-7000", "CVE-2015-5936", "CVE-2015-6989", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-6981", "CVE-2015-6999", "CVE-2015-6990", "CVE-2015-7009", "CVE-2015-6988", "CVE-2015-6996", "CVE-2015-7012", "CVE-2015-5925", "CVE-2015-6974", "CVE-2015-5928", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5926"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32563", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32563", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:11:44", "description": "Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-5825", "CVE-2015-7002", "CVE-2015-5798", "CVE-2015-5796", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-5788", "CVE-2015-5805", "CVE-2015-5828", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-5912", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-5802", "CVE-2015-5931", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5789", "CVE-2015-5765", "CVE-2015-5780", "CVE-2015-5813", "CVE-2015-5764", "CVE-2015-5821", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-5826", "CVE-2015-5820", "CVE-2015-5815", "CVE-2015-3801", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-7011", "CVE-2015-5767"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14700", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14700", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:15", "description": "Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-6992", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5931", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-7017", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14698", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14698", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:47:16", "description": "Screen unlock, information disclosure, restrictions bypass, multiple memory corruptions, weak encryption, multiple vulnerabilities in different libraries.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5880", "CVE-2015-5930", "CVE-2015-5838", "CVE-2015-5903", "CVE-2015-7022", "CVE-2015-6976", "CVE-2015-5861", "CVE-2015-5825", "CVE-2015-5927", "CVE-2015-5748", "CVE-2015-5847", "CVE-2015-7005", "CVE-2015-6975", "CVE-2015-7004", "CVE-2015-7002", "CVE-2015-5892", "CVE-2015-6982", "CVE-2015-5869", "CVE-2015-5879", "CVE-2015-5876", "CVE-2015-5858", "CVE-2015-5924", "CVE-2015-5862", "CVE-2015-0286", "CVE-2015-6979", "CVE-2015-6983", "CVE-2015-5796", "CVE-2015-5829", "CVE-2015-1205", "CVE-2015-5939", "CVE-2015-5874", "CVE-2015-6991", "CVE-2015-5860", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-6994", "CVE-2015-5788", "CVE-2015-6992", "CVE-2015-5895", "CVE-2015-5843", "CVE-2015-6977", "CVE-2015-5845", "CVE-2015-5905", "CVE-2015-5868", "CVE-2015-5805", "CVE-2015-5839", "CVE-2015-5840", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-5940", "CVE-2015-5846", "CVE-2015-5807", "CVE-2015-5882", "CVE-2015-5842", "CVE-2015-6997", "CVE-2015-5801", "CVE-2015-6995", "CVE-2015-6978", "CVE-2015-7018", "CVE-2015-5912", "CVE-2015-5921", "CVE-2015-5935", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-6986", "CVE-2015-7010", "CVE-2015-5802", "CVE-2015-5792", "CVE-2015-7008", "CVE-2015-5791", "CVE-2015-5841", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5831", "CVE-2015-5937", "CVE-2015-5855", "CVE-2015-5916", "CVE-2015-7023", "CVE-2014-8611", "CVE-2015-5789", "CVE-2015-6993", "CVE-2015-5765", "CVE-2015-7000", "CVE-2015-5813", "CVE-2015-1129", "CVE-2015-5824", "CVE-2015-5856", "CVE-2015-5764", "CVE-2015-5821", "CVE-2015-5936", "CVE-2015-5867", "CVE-2015-6989", "CVE-2015-5923", "CVE-2015-5942", "CVE-2015-7015", "CVE-2015-6981", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-6999", "CVE-2015-5848", "CVE-2015-5826", "CVE-2014-8146", "CVE-2015-5835", "CVE-2015-6990", "CVE-2015-7009", "CVE-2015-6988", "CVE-2015-5523", "CVE-2015-5820", "CVE-2015-5844", "CVE-2015-5904", "CVE-2015-5885", "CVE-2015-6996", "CVE-2015-3801", "CVE-2015-5837", "CVE-2013-3951", "CVE-2015-7012", "CVE-2015-5906", "CVE-2015-5810", "CVE-2015-5898", "CVE-2015-5925", "CVE-2015-5850", "CVE-2015-0287", "CVE-2015-6974", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5896", "CVE-2015-5863", "CVE-2015-5907", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5857", "CVE-2015-5834", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-7006", "CVE-2015-7017", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-5926", "CVE-2015-5522", "CVE-2015-5851", "CVE-2015-5899", "CVE-2015-5832", "CVE-2015-5767"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14696", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14696", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T12:44:16", "description": "The version of Apple Safari installed on the remote host is prior to 9.0.1. It is, therefore, affected by multiple memory corruption issues in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a crafted website, to execute arbitrary code or possibly cause a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-06T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 9.0.1 Multiple RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI9_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86790);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\"\n );\n script_bugtraq_id(77264, 77267);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-3\");\n\n script_name(english:\"Mac OS X : Apple Safari < 9.0.1 Multiple RCE\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote host is prior to\n9.0.1. It is, therefore, affected by multiple memory corruption issues\nin WebKit due to improper validation of user-supplied input. An\nunauthenticated, remote attacker can exploit these, via a crafted\nwebsite, to execute arbitrary code or possibly cause a denial of\nservice.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205377\");\n # http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5234a069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 9.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10|11)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9 / 10.10 / 10.11\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"9.0.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:34", "description": "The version of Safari installed on the remote host is prior to 9.0.1, and is affected by multiple vulnerabilities in WebKit that are triggered as user-supplied input is not properly validated. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "Safari < 9.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "9028.PRM", "href": "https://www.tenable.com/plugins/nnm/9028", "sourceData": "Binary data 9028.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:16", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.3.1. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit and CoreText components. An attacker can exploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.3.1 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_3_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86602);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-6975\",\n \"CVE-2015-6992\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\",\n \"CVE-2015-7017\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-5\");\n\n script_name(english:\"Apple iTunes < 12.3.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.3.1. It is, therefore, affected by multiple\nvulnerabilities due to memory corruption issues in the WebKit and\nCoreText components. An attacker can exploit these to cause a denial\nof service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.3.1.23\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:17", "description": "The version of Apple iTunes running on the remote host is prior to 12.3.1. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit and CoreText components. An attacker can exploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.3.1 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_3_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/86603", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86603);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-6975\",\n \"CVE-2015-6992\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\",\n \"CVE-2015-7017\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-5\");\n\n script_name(english:\"Apple iTunes < 12.3.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote host is prior to\n12.3.1. It is, therefore, affected by multiple vulnerabilities due to\nmemory corruption issues in the WebKit and CoreText components. An\nattacker can exploit these to cause a denial of service or execute\narbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.3.1.23\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:26", "description": "This update for webkitgtk fixes the following issues :\n\n - webkitgtk was updated to version 2.4.10 (boo#971460) :\n\n + Fix rendering of form controls and scrollbars with GTK+ >= 3.19.\n\n + Fix crashes on PPC64.\n\n + Fix the build on powerpc 32 bits.\n\n + Add ARM64 build support.\n\n + Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.\n\n + Updated translations.", "cvss3": {"score": null, "vector": null}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkitgtk (openSUSE-2016-412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo", "p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkitgtk-devel", "p-cpe:/a:novell:opensuse:libwebkitgtk2-lang", "p-cpe:/a:novell:opensuse:libwebkitgtk3-devel", "p-cpe:/a:novell:opensuse:libwebkitgtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-1_0", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-3_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-1_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-3_0", "p-cpe:/a:novell:opensuse:webkit-jsc-1", "p-cpe:/a:novell:opensuse:webkit-jsc-1-debuginfo", "p-cpe:/a:novell:opensuse:webkit-jsc-3", "p-cpe:/a:novell:opensuse:webkit-jsc-3-debuginfo", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-412.NASL", "href": "https://www.tenable.com/plugins/nessus/90259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-412.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90259);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n\n script_name(english:\"openSUSE Security Update : webkitgtk (openSUSE-2016-412)\");\n script_summary(english:\"Check for the openSUSE-2016-412 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkitgtk fixes the following issues :\n\n - webkitgtk was updated to version 2.4.10 (boo#971460) :\n\n + Fix rendering of form controls and scrollbars with GTK+\n >= 3.19.\n\n + Fix crashes on PPC64.\n\n + Fix the build on powerpc 32 bits.\n\n + Add ARM64 build support.\n\n + Security fixes: CVE-2015-1120, CVE-2015-1076,\n CVE-2015-1071, CVE-2015-1081, CVE-2015-1122,\n CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,\n CVE-2015-5809, CVE-2015-5928, CVE-2015-3749,\n CVE-2015-3659, CVE-2015-3748, CVE-2015-3743,\n CVE-2015-3731, CVE-2015-3745, CVE-2015-5822,\n CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,\n CVE-2015-5801, CVE-2015-5788, CVE-2015-3747,\n CVE-2015-5794, CVE-2015-1127, CVE-2015-1153,\n CVE-2015-1083.\n\n + Updated translations.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-1_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-3_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-1_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-3_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkitgtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit-3_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-1_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-3_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-1_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-1_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-3_0-0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-3_0-0-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk-devel-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk2-lang-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk3-devel-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwebkitgtk3-lang-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-JavaScriptCore-1_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-JavaScriptCore-3_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-WebKit-1_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"typelib-1_0-WebKit-3_0-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-1-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-1-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-3-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"webkit-jsc-3-debuginfo-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-debuginfo-32bit-2.4.10-13.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-1_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-3_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-1_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-1_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-3_0-0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-3_0-0-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk-devel-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk2-lang-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk3-devel-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkitgtk3-lang-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-JavaScriptCore-1_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-JavaScriptCore-3_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit-1_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit-3_0-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-1-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-1-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-3-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-3-debuginfo-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-1_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-3_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-1_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-32bit-2.4.10-7.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkitgtk-3_0-0-debuginfo-32bit-2.4.10-7.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-1_0-0 / libjavascriptcoregtk-1_0-0-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:30", "description": "This update addresses the following vulnerabilities: * [CVE-2015-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1120) * [CVE-2015-1076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1076) * [CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1071) * [CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1081) * [CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1122) * [CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1155) * [CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 4-1748) * [CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3752) * [CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5809) * [CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5928) * [CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3749) * [CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3659) * [CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3748) * [CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3743) * [CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3731) * [CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3745) * [CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5822) * [CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3658) * [CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3741) * [CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3727) * [CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5801) * [CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5788) * [CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-3747) * [CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-5794) * [CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1127) * [CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1153) * [CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 5-1083) Additional fixes: * Fix crashes on PowerPC 64. * Fix the build on PowerPC 32.\n\n - Add ARM64 build support. Translation updates * German * Spanish * French\n\n - Italian * Korean * Brazilian Portuguese * Russian * Chinese.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-04-01T00:00:00", "type": "nessus", "title": "Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-9EC1850FFF.NASL", "href": "https://www.tenable.com/plugins/nessus/90283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-9ec1850fff.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90283);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-9ec1850fff\");\n\n script_name(english:\"Fedora 22 : webkitgtk-2.4.10-1.fc22 (2016-9ec1850fff)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities: *\n[CVE-2015-1120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1120) *\n[CVE-2015-1076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1076) *\n[CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1071) *\n[CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1081) *\n[CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1122) *\n[CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1155) *\n[CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n4-1748) *\n[CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3752) *\n[CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5809) *\n[CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5928) *\n[CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3749) *\n[CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3659) *\n[CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3748) *\n[CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3743) *\n[CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3731) *\n[CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3745) *\n[CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5822) *\n[CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3658) *\n[CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3741) *\n[CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3727) *\n[CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5801) *\n[CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5788) *\n[CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-3747) *\n[CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-5794) *\n[CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1127) *\n[CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1153) *\n[CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n5-1083) Additional fixes: * Fix crashes on PowerPC 64. * Fix the build\non PowerPC 32.\n\n - Add ARM64 build support. Translation updates * German *\n Spanish * French\n\n - Italian * Korean * Brazilian Portuguese * Russian *\n Chinese.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?18d1a2f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"webkitgtk-2.4.10-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:29", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-21T00:00:00", "type": "nessus", "title": "Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk3", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-1A7F7FFB58.NASL", "href": "https://www.tenable.com/plugins/nessus/90035", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-1a7f7ffb58.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90035);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-1a7f7ffb58\");\n\n script_name(english:\"Fedora 23 : webkitgtk3-2.4.10-1.fc23 (2016-1a7f7ffb58)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abc24d78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"webkitgtk3-2.4.10-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:32", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0", "p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0", "p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2937-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90094);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"USN\", value:\"2937-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 : webkitgtk vulnerabilities (USN-2937-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A large number of security issues were discovered in the WebKitGTK+\nWeb and JavaScript engines. If a user were tricked into viewing a\nmalicious website, a remote attacker could exploit a variety of issues\nrelated to web browser security, including cross-site scripting\nattacks, denial of service attacks, and arbitrary code execution.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2937-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-1.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkitgtk-3.0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjavascriptcoregtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libjavascriptcoregtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwebkitgtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libwebkitgtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libjavascriptcoregtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libjavascriptcoregtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libwebkitgtk-1.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libwebkitgtk-3.0-0\", pkgver:\"2.4.10-0ubuntu0.15.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-1.0-0 / libjavascriptcoregtk-3.0-0 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:25", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-23T00:00:00", "type": "nessus", "title": "Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-5D6D75DBEA.NASL", "href": "https://www.tenable.com/plugins/nessus/90104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-5d6d75dbea.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90104);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-5d6d75dbea\");\n\n script_name(english:\"Fedora 23 : webkitgtk-2.4.10-1.fc23 (2016-5d6d75dbea)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0136964c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"webkitgtk-2.4.10-1.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:35", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-28T00:00:00", "type": "nessus", "title": "Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk3", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-FDE7FFCB77.NASL", "href": "https://www.tenable.com/plugins/nessus/90232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-fde7ffcb77.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90232);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-fde7ffcb77\");\n\n script_name(english:\"Fedora 24 : webkitgtk3-2.4.10-1.fc24 (2016-fde7ffcb77)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179773.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d98b6a55\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk3-2.4.10-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:32", "description": "This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-28T00:00:00", "type": "nessus", "title": "Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-A4FCB02D6B.NASL", "href": "https://www.tenable.com/plugins/nessus/90220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-a4fcb02d6b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90220);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_xref(name:\"FEDORA\", value:\"2016-a4fcb02d6b\");\n\n script_name(english:\"Fedora 24 : webkitgtk-2.4.10-1.fc24 (2016-a4fcb02d6b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses the following vulnerabilities :\n\n - CVE-2015-1120\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120)\n\n - CVE-2015-1076\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076)\n\n - CVE-2015-1071\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071)\n\n - CVE-2015-1081\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081)\n\n - CVE-2015-1122\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122)\n\n - CVE-2015-1155\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155)\n\n - CVE-2014-1748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748)\n\n - CVE-2015-3752\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752)\n\n - CVE-2015-5809\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809)\n\n - CVE-2015-5928\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928)\n\n - CVE-2015-3749\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749)\n\n - CVE-2015-3659\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659)\n\n - CVE-2015-3748\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748)\n\n - CVE-2015-3743\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743)\n\n - CVE-2015-3731\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731)\n\n - CVE-2015-3745\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745)\n\n - CVE-2015-5822\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822)\n\n - CVE-2015-3658\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658)\n\n - CVE-2015-3741\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741)\n\n - CVE-2015-3727\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727)\n\n - CVE-2015-5801\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801)\n\n - CVE-2015-5788\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788)\n\n - CVE-2015-3747\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747)\n\n - CVE-2015-5794\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794)\n\n - CVE-2015-1127\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127)\n\n - CVE-2015-1153\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153)\n\n - CVE-2015-1083\n\n(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179772.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6fc0f2fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"webkitgtk-2.4.10-1.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:36", "description": "The remote host is running a version of iOS that is prior to version 9.1 and the following components contain vulnerabilities :\n\n - Accelerate Framework (CVE-2015-5940)\n - Bom CVE-2015-7006)\n - CFNetwork (CVE-2015-7023)\n - configd (CVE-2015-7015)\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n - CoreText (CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)\n - Disk Images (CVE-2015-6995)\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n - GasGauge (CVE-2015-6979)\n - Grand Central Dispatch (CVE-2015-6989)\n - Graphics Driver (CVE-2015-6986)\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939)\n - IOAcceleratorFamily (CVE-2015-6996)\n - IOHIDFamily (CVE-2015-6974)\n - Kernel (CVE-2015-7004, CVE-2015-6988, CVE-2015-6994)\n - Notification Center (CVE-2015-7000)\n - OpenGL (CVE-2015-5924)\n - Security (CVE-2015-6983, CVE-2015-6999, CVE-2015-6997)\n - Telephony (CVE-2015-7022)\n - WebKit (CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-6981, CVE-2015-6982, CVE-2015-7002, CVE-2015-7005, CVE-2015-7012, CVE-2015-7014)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "Apple iOS < 9.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-7002", "CVE-2015-7012", "CVE-2015-7014", "CVE-2015-6981", "CVE-2015-6982", "CVE-2015-7005", "CVE-2015-6996", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7017", "CVE-2015-7006", "CVE-2015-7015", "CVE-2015-5925", "CVE-2015-5926", "CVE-2015-5927", "CVE-2015-5942", "CVE-2015-6989", "CVE-2015-5935", "CVE-2015-5936", "CVE-2015-5937", "CVE-2015-5939", "CVE-2015-6974", "CVE-2015-6979", "CVE-2015-6986", "CVE-2015-7004", "CVE-2015-7000", "CVE-2015-6999", "CVE-2015-6997", "CVE-2015-7022", "CVE-2015-6995", "CVE-2015-7010", "CVE-2015-5924", "CVE-2015-7009", "CVE-2015-5940", "CVE-2015-7023", "CVE-2015-6976", "CVE-2015-6977", "CVE-2015-6978", "CVE-2015-6990", "CVE-2015-6991", "CVE-2015-6993", "CVE-2015-7008", "CVE-2015-7018", "CVE-2015-6994", "CVE-2015-6988", "CVE-2015-6983"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "9328.PRM", "href": "https://www.tenable.com/plugins/nnm/9328", "sourceData": "Binary data 9328.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T17:18:51", "description": "The mobile device is running a version of iOS prior to version 9.1. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Accelerate Framework (CVE-2015-5940)\n\n - Bom CVE-2015-7006)\n\n - CFNetwork (CVE-2015-7023)\n\n - configd (CVE-2015-7015)\n\n - CoreGraphics (CVE-2015-5925, CVE-2015-5926)\n\n - CoreText (CVE-2015-6975, CVE-2015-6992, CVE-2015-7017)\n\n - Disk Images (CVE-2015-6995)\n\n - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018)\n\n - GasGauge (CVE-2015-6979)\n\n - Grand Central Dispatch (CVE-2015-6989)\n\n - Graphics Driver (CVE-2015-6986)\n\n - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5939)\n\n - IOAcceleratorFamily (CVE-2015-6996)\n\n - IOHIDFamily (CVE-2015-6974)\n\n - Kernel (CVE-2015-7004, CVE-2015-6988, CVE-2015-6994)\n\n - Notification Center (CVE-2015-7000)\n\n - OpenGL (CVE-2015-5924)\n\n - Security (CVE-2015-6983, CVE-2015-6999, CVE-2015-6997)\n\n - Telephony (CVE-2015-7022)\n\n - WebKit (CVE-2015-5928, CVE-2015-5929, CVE-2015-5930, CVE-2015-6981, CVE-2015-6982, CVE-2015-7002, CVE-2015-7005, CVE-2015-7012, CVE-2015-7014)", "cvss3": {"score": null, "vector": null}, "published": "2015-10-23T00:00:00", "type": "nessus", "title": "Apple iOS < 9.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5924", "CVE-2015-5925", "CVE-2015-5926", "CVE-2015-5927", "CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5935", "CVE-2015-5936", "CVE-2015-5937", "CVE-2015-5939", "CVE-2015-5940", "CVE-2015-5942", "CVE-2015-6974", "CVE-2015-6975", "CVE-2015-6976", "CVE-2015-6977", "CVE-2015-6978", "CVE-2015-6979", "CVE-2015-6981", "CVE-2015-6982", "CVE-2015-6983", "CVE-2015-6986", "CVE-2015-6988", "CVE-2015-6989", "CVE-2015-6990", "CVE-2015-6991", "CVE-2015-6992", "CVE-2015-6993", "CVE-2015-6994", "CVE-2015-6995", "CVE-2015-6996", "CVE-2015-6997", "CVE-2015-6999", "CVE-2015-7000", "CVE-2015-7002", "CVE-2015-7004", "CVE-2015-7005", "CVE-2015-7006", "CVE-2015-7008", "CVE-2015-7009", "CVE-2015-7010", "CVE-2015-7012", "CVE-2015-7014", "CVE-2015-7015", "CVE-2015-7017", "CVE-2015-7018", "CVE-2015-7022", "CVE-2015-7023"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_91_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/86571", "sourceData": "Binary data apple_ios_91_check.nbin", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-17T14:27:44", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-11-03T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7011"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806608", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806608\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\",\n \"CVE-2015-7002\", \"CVE-2015-7011\", \"CVE-2015-7012\", \"CVE-2015-7013\",\n \"CVE-2015-7014\");\n script_bugtraq_id(77264, 77267);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-11-03 14:39:29 +0530 (Tue, 03 Nov 2015)\");\n script_name(\"Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues in webKit.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 9.0.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 9.0.1 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205377\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"9.0.1\"))\n{\n report = 'Installed version: ' + safVer + '\\n' +\n 'Fixed version: ' + \"9.0.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T20:54:01", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-11-03T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities Nov15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-6992", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7017", "CVE-2015-7011"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310806609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities Nov15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806609\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\",\n \"CVE-2015-7002\", \"CVE-2015-7011\", \"CVE-2015-7012\", \"CVE-2015-7013\",\n \"CVE-2015-7014\", \"CVE-2015-6975\", \"CVE-2015-6992\", \"CVE-2015-7017\");\n script_bugtraq_id(77264, 77267, 77270);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-03 14:51:27 +0530 (Tue, 03 Nov 2015)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities Nov15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple memory corruption issues in WebKit.\n\n - Multiple memory corruption issues in the processing of text files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or conduct denial-of-service condition on\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.3.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.3.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205372\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"12.3.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"12.3.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Mageia Linux Local Security Checks mgasa-2016-0120", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0120", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310131278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131278", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0120.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131278\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:05:03 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0120\");\n script_tag(name:\"insight\", value:\"The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0120.html\");\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\", \"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\", \"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\", \"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0120\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"webkit\", rpm:\"webkit~2.4.10~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for webkitgtk USN-2937-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842701", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842701", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for webkitgtk USN-2937-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842701\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-22 06:13:01 +0100 (Tue, 22 Mar 2016)\");\n script_cve_id(\"CVE-2014-1748\", \"CVE-2015-1071\", \"CVE-2015-1076\", \"CVE-2015-1081\",\n\t\t\"CVE-2015-1083\", \"CVE-2015-1120\", \"CVE-2015-1122\", \"CVE-2015-1127\",\n\t\t\"CVE-2015-1153\", \"CVE-2015-1155\", \"CVE-2015-3658\", \"CVE-2015-3659\",\n\t\t\"CVE-2015-3727\", \"CVE-2015-3731\", \"CVE-2015-3741\", \"CVE-2015-3743\",\n\t\t\"CVE-2015-3745\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\",\n\t\t\"CVE-2015-3752\", \"CVE-2015-5788\", \"CVE-2015-5794\", \"CVE-2015-5801\",\n\t\t\"CVE-2015-5809\", \"CVE-2015-5822\", \"CVE-2015-5928\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for webkitgtk USN-2937-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"A large number of security issues were\n discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked\n into viewing a malicious website, a remote attacker could exploit a variety of\n issues related to web browser security, including cross-site scripting attacks,\n denial of service attacks, and arbitrary code execution.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Ubuntu 15.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2937-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2937-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libjavascriptcoregtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-1.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:i386\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libwebkitgtk-3.0-0:amd64\", ver:\"2.4.10-0ubuntu0.15.10.1\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-04-11T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2016-9", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807742\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 12:47:18 +0530 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-9\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180485.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-23T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk FEDORA-2016-5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807724\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-23 06:16:15 +0100 (Wed, 23 Mar 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk FEDORA-2016-5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179225.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk\", rpm:\"webkitgtk~2.4.10~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-21T00:00:00", "type": "openvas", "title": "Fedora Update for webkitgtk3 FEDORA-2016-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1127", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-1122", "CVE-2015-5794", "CVE-2015-1071", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-1076", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3748", "CVE-2015-3658", "CVE-2015-1083", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5928", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-1081", "CVE-2015-5809", "CVE-2014-1748"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for webkitgtk3 FEDORA-2016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807720\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-21 07:26:15 +0100 (Mon, 21 Mar 2016)\");\n script_cve_id(\"CVE-2015-1120\", \"CVE-2015-1076\", \"CVE-2015-1071\", \"CVE-2015-1081\",\n \"CVE-2015-1122\", \"CVE-2015-1155\", \"CVE-2014-1748\", \"CVE-2015-3752\",\n \"CVE-2015-5809\", \"CVE-2015-5928\", \"CVE-2015-3749\", \"CVE-2015-3659\",\n \"CVE-2015-3748\", \"CVE-2015-3743\", \"CVE-2015-3731\", \"CVE-2015-3745\",\n \"CVE-2015-5822\", \"CVE-2015-3658\", \"CVE-2015-3741\", \"CVE-2015-3727\",\n \"CVE-2015-5801\", \"CVE-2015-5788\", \"CVE-2015-3747\", \"CVE-2015-5794\",\n \"CVE-2015-1127\", \"CVE-2015-1153\", \"CVE-2015-1083\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for webkitgtk3 FEDORA-2016-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'webkitgtk3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"webkitgtk3 on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"webkitgtk3\", rpm:\"webkitgtk3~2.4.10~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "description": "Mageia Linux Local Security Checks mgasa-2016-0116", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2016-1725", "CVE-2015-1072", "CVE-2015-5825", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-7097", "CVE-2015-7100", "CVE-2015-7099", "CVE-2015-7002", "CVE-2016-1728", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-7104", "CVE-2015-1127", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-1073", "CVE-2015-5805", "CVE-2015-1122", "CVE-2015-1126", "CVE-2015-5828", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-1071", "CVE-2015-7098", "CVE-2015-5801", "CVE-2016-1727", "CVE-2015-3743", "CVE-2015-1156", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5931", "CVE-2015-7048", "CVE-2015-1068", "CVE-2015-5793", "CVE-2015-3750", "CVE-2015-5795", "CVE-2015-1076", "CVE-2015-1154", "CVE-2016-1723", "CVE-2015-1124", "CVE-2015-5929", "CVE-2015-3755", "CVE-2016-1726", "CVE-2015-3660", "CVE-2015-3753", "CVE-2015-5813", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-1070", "CVE-2015-7096", "CVE-2015-1077", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3742", "CVE-2016-1724", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-3748", "CVE-2015-1152", "CVE-2015-3658", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-7103", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-1121", "CVE-2015-1082", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-1081", "CVE-2015-1119", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-7095", "CVE-2015-7102", "CVE-2015-5804", "CVE-2015-1069", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-1075", "CVE-2015-5811", "CVE-2015-3737"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310131282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0116.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131282\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:05:06 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0116\");\n script_tag(name:\"insight\", value:\"The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0116.html\");\n script_cve_id(\"CVE-2015-1068\", \"CVE-2015-1069\", \"CVE-2015-1070\", \"CVE-2015-1071\", \"CVE-2015-1072\", \"CVE-2015-1073\", \"CVE-2015-1075\", \"CVE-2015-1076\", \"CVE-2015-1077\", \"CVE-2015-1081\", \"CVE-2015-1082\", \"CVE-2015-1119\", \"CVE-2015-1120\", \"CVE-2015-1121\", \"CVE-2015-1122\", \"CVE-2015-1124\", \"CVE-2015-1126\", \"CVE-2015-1127\", \"CVE-2015-1152\", \"CVE-2015-1153\", \"CVE-2015-1154\", \"CVE-2015-1155\", \"CVE-2015-1156\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3660\", \"CVE-2015-3727\", \"CVE-2015-3730\", \"CVE-2015-3731\", \"CVE-2015-3732\", \"CVE-2015-3733\", \"CVE-2015-3734\", \"CVE-2015-3735\", \"CVE-2015-3736\", \"CVE-2015-3737\", \"CVE-2015-3738\", \"CVE-2015-3739\", \"CVE-2015-3740\", \"CVE-2015-3741\", \"CVE-2015-3742\", \"CVE-2015-3743\", \"CVE-2015-3744\", \"CVE-2015-3745\", \"CVE-2015-3746\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3750\", \"CVE-2015-3751\", \"CVE-2015-3752\", \"CVE-2015-3753\", \"CVE-2015-3754\", \"CVE-2015-3755\", \"CVE-2015-5788\", \"CVE-2015-5793\", \"CVE-2015-5794\", \"CVE-2015-5795\", \"CVE-2015-5797\", \"CVE-2015-5799\", \"CVE-2015-5800\", \"CVE-2015-5801\", \"CVE-2015-5803\", \"CVE-2015-5804\", \"CVE-2015-5805\", \"CVE-2015-5806\", \"CVE-2015-5807\", \"CVE-2015-5809\", \"CVE-2015-5810\", \"CVE-2015-5811\", \"CVE-2015-5812\", \"CVE-2015-5813\", \"CVE-2015-5814\", \"CVE-2015-5815\", \"CVE-2015-5816\", \"CVE-2015-5817\", \"CVE-2015-5818\", \"CVE-2015-5819\", \"CVE-2015-5822\", \"CVE-2015-5823\", \"CVE-2015-5825\", \"CVE-2015-5827\", \"CVE-2015-5828\", \"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\", \"CVE-2015-7002\", \"CVE-2015-7012\", \"CVE-2015-7013\", \"CVE-2015-7014\", \"CVE-2015-7048\", \"CVE-2015-7095\", \"CVE-2015-7096\", \"CVE-2015-7097\", \"CVE-2015-7098\", \"CVE-2015-7099\", \"CVE-2015-7100\", \"CVE-2015-7102\", \"CVE-2015-7103\", \"CVE-2015-7104\", \"CVE-2016-1723\", \"CVE-2016-1724\", \"CVE-2016-1725\", \"CVE-2016-1726\", \"CVE-2016-1727\", \"CVE-2016-1728\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0116\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"webkit2\", rpm:\"webkit2~2.10.9~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:23:18", "description": "### *Detect date*:\n10/21/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.\n\n### *Affected products*:\nApple iTunes versions earlier than 12.3.1\n\n### *Solution*:\nUpdate to the latest version \n[Get iTunes](<http://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT205372>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2015-7012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7012>)6.8High \n[CVE-2015-7011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7011>)6.8High \n[CVE-2015-7017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7017>)7.5Critical \n[CVE-2015-7014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7014>)6.8High \n[CVE-2015-6975](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6975>)7.5Critical \n[CVE-2015-6992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6992>)7.5Critical \n[CVE-2015-7013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7013>)6.8High \n[CVE-2015-5931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5931>)6.8High \n[CVE-2015-7002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7002>)6.8High \n[CVE-2015-5929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5929>)6.8High \n[CVE-2015-5930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5930>)6.8High \n[CVE-2015-5928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928>)6.8High", "cvss3": {}, "published": "2015-10-21T00:00:00", "type": "kaspersky", "title": "KLA10685 Multiple vulnerabilities at Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2020-06-03T00:00:00", "id": "KLA10685", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10685/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:29:18", "description": "A large number of security issues were discovered in the WebKitGTK+ Web and \nJavaScript engines. If a user were tricked into viewing a malicious \nwebsite, a remote attacker could exploit a variety of issues related to web \nbrowser security, including cross-site scripting attacks, denial of service \nattacks, and arbitrary code execution.\n", "cvss3": {}, "published": "2016-03-21T00:00:00", "type": "ubuntu", "title": "WebKitGTK+ vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3659", "CVE-2014-1748", "CVE-2015-3658", "CVE-2015-3743", "CVE-2015-5794", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-5788", "CVE-2015-1127", "CVE-2015-3741", "CVE-2015-5801", "CVE-2015-5822", "CVE-2015-5928", "CVE-2015-1071", "CVE-2015-1122", "CVE-2015-3731", "CVE-2015-3727", "CVE-2015-5809", "CVE-2015-1153", "CVE-2015-3752", "CVE-2015-1155", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3745", "CVE-2015-3749", "CVE-2015-1120"], "modified": "2016-03-21T00:00:00", "id": "USN-2937-1", "href": "https://ubuntu.com/security/notices/USN-2937-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs. \n", "cvss3": {}, "published": "2016-03-25T06:38:37", "type": "mageia", "title": "Updated webkit packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-25T06:38:37", "id": "MGASA-2016-0120", "href": "https://advisories.mageia.org/MGASA-2016-0120.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-03-25T06:38:37", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1068", "CVE-2015-1069", "CVE-2015-1070", "CVE-2015-1071", "CVE-2015-1072", "CVE-2015-1073", "CVE-2015-1075", "CVE-2015-1076", "CVE-2015-1077", "CVE-2015-1081", "CVE-2015-1082", "CVE-2015-1119", "CVE-2015-1120", "CVE-2015-1121", "CVE-2015-1122", "CVE-2015-1124", "CVE-2015-1126", "CVE-2015-1127", "CVE-2015-1152", "CVE-2015-1153", "CVE-2015-1154", "CVE-2015-1155", "CVE-2015-1156", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3660", "CVE-2015-3727", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-5788", "CVE-2015-5793", "CVE-2015-5794", "CVE-2015-5795", "CVE-2015-5797", "CVE-2015-5799", "CVE-2015-5800", "CVE-2015-5801", "CVE-2015-5803", "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5806", "CVE-2015-5807", "CVE-2015-5809", "CVE-2015-5810", "CVE-2015-5811", "CVE-2015-5812", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815", "CVE-2015-5816", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5819", "CVE-2015-5822", "CVE-2015-5823", "CVE-2015-5825", "CVE-2015-5827", "CVE-2015-5828", "CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7048", "CVE-2015-7095", "CVE-2015-7096", "CVE-2015-7097", "CVE-2015-7098", "CVE-2015-7099", "CVE-2015-7100", "CVE-2015-7102", "CVE-2015-7103", "CVE-2015-7104", "CVE-2016-1723", "CVE-2016-1724", "CVE-2016-1725", "CVE-2016-1726", "CVE-2016-1727", "CVE-2016-1728"], "modified": "2016-03-25T06:38:37", "id": "MGASA-2016-0116", "href": "https://advisories.mageia.org/MGASA-2016-0116.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {}, "published": "2016-03-21T01:53:49", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: webkitgtk3-2.4.10-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-21T01:53:49", "id": "FEDORA:568856077DDB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NNCJREXWBYTQB3MSNSDWCNSGJUJH3FVD/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "cvss3": {}, "published": "2016-03-22T19:55:11", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: webkitgtk-2.4.10-1.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-22T19:55:11", "id": "FEDORA:EBF24604237F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4GPMV6PPDDKFQF7WUMWRXF3KMO2RWPZI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "cvss3": {}, "published": "2016-03-27T00:38:11", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: webkitgtk-2.4.10-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-27T00:38:11", "id": "FEDORA:E319A6098B3F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GYHY4HBRVWQOADZTIDKDDYQFDBPAVGTG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {}, "published": "2016-03-27T00:38:22", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: webkitgtk3-2.4.10-1.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-27T00:38:22", "id": "FEDORA:9981A609AE8A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLY3S4JQ5ORQS3K7MZFF3JIM7FUCGPX7/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. ", "cvss3": {}, "published": "2016-03-29T19:23:05", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: webkitgtk-2.4.10-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1748", "CVE-2015-1071", "CVE-2015-1076", "CVE-2015-1081", "CVE-2015-1083", "CVE-2015-1120", "CVE-2015-1122", "CVE-2015-1127", "CVE-2015-1153", "CVE-2015-1155", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3727", "CVE-2015-3731", "CVE-2015-3741", "CVE-2015-3743", "CVE-2015-3745", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3752", "CVE-2015-5788", "CVE-2015-5794", "CVE-2015-5801", "CVE-2015-5809", "CVE-2015-5822", "CVE-2015-5928"], "modified": "2016-03-29T19:23:05", "id": "FEDORA:333BF6016168", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BTS3HSSJ2VCTM63ICX3VRXJJ2ZR2SEOG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}