WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1,
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
#### Notes
Author| Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | webkit receives limited support. For details, see <https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit>. webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8.
{"cve": [{"lastseen": "2022-03-23T13:40:16", "description": "WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.", "cvss3": {}, "published": "2015-10-23T21:59:00", "type": "cve", "title": "CVE-2015-7013", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7013"], "modified": "2016-12-24T02:59:00", "cpe": ["cpe:/a:apple:itunes:12.3.0", "cpe:/o:apple:iphone_os:9.0.2", "cpe:/o:apple:mac_os_x:10.11.0"], "id": "CVE-2015-7013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7013", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:apple:iphone_os:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:itunes:12.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-07-17T14:27:44", "description": "This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-11-03T00:00:00", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7011"], "modified": 
"2019-07-05T00:00:00", "id": "OPENVAS:1361412562310806608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806608", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806608\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\",\n \"CVE-2015-7002\", \"CVE-2015-7011\", \"CVE-2015-7012\", \"CVE-2015-7013\",\n \"CVE-2015-7014\");\n script_bugtraq_id(77264, 77267);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-11-03 14:39:29 +0530 (Tue, 03 Nov 2015)\");\n script_name(\"Apple Safari Multiple Vulnerabilities-01 Nov15 (Mac OS X)\");\n\n 
script_tag(name:\"summary\", value:\"This host is installed with Apple Safari\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple\n memory corruption issues in webKit.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari versions before 9.0.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Safari version 9.0.1 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205377\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"macosx_safari_detect.nasl\");\n script_mandatory_keys(\"AppleSafari/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!safVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:safVer, test_version:\"9.0.1\"))\n{\n report = 'Installed version: ' + safVer + '\\n' +\n 'Fixed version: ' + \"9.0.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-03T20:54:01", "description": "This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-11-03T00:00:00", "type": "openvas", "title": "Apple iTunes Multiple Vulnerabilities Nov15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-6992", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7017", "CVE-2015-7011"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310806609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities Nov15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806609\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_cve_id(\"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\",\n \"CVE-2015-7002\", \"CVE-2015-7011\", \"CVE-2015-7012\", \"CVE-2015-7013\",\n \"CVE-2015-7014\", \"CVE-2015-6975\", \"CVE-2015-6992\", \"CVE-2015-7017\");\n script_bugtraq_id(77264, 77267, 77270);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-03 14:51:27 +0530 (Tue, 03 Nov 2015)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities Nov15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple memory corruption issues in WebKit.\n\n - Multiple memory corruption issues in the processing of text files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or conduct denial-of-service condition on\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Apple iTunes versions before 12.3.1\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple iTunes 12.3.1 or later.\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT205372\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"12.3.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"12.3.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "description": "Mageia Linux Local Security Checks mgasa-2016-0116", "cvss3": {}, "published": "2016-03-31T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0116", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2016-1725", "CVE-2015-1072", "CVE-2015-5825", "CVE-2015-3736", "CVE-2015-3754", "CVE-2015-7097", "CVE-2015-7100", "CVE-2015-7099", "CVE-2015-7002", "CVE-2016-1728", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-7104", "CVE-2015-1127", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-5788", "CVE-2015-3731", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-1073", "CVE-2015-5805", "CVE-2015-1122", "CVE-2015-1126", "CVE-2015-5828", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", "CVE-2015-3739", "CVE-2015-5807", "CVE-2015-1071", "CVE-2015-7098", 
"CVE-2015-5801", "CVE-2016-1727", "CVE-2015-3743", "CVE-2015-1156", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5931", "CVE-2015-7048", "CVE-2015-1068", "CVE-2015-5793", "CVE-2015-3750", "CVE-2015-5795", "CVE-2015-1076", "CVE-2015-1154", "CVE-2016-1723", "CVE-2015-1124", "CVE-2015-5929", "CVE-2015-3755", "CVE-2016-1726", "CVE-2015-3660", "CVE-2015-3753", "CVE-2015-5813", "CVE-2015-3727", "CVE-2015-1120", "CVE-2015-1070", "CVE-2015-7096", "CVE-2015-1077", "CVE-2015-3749", "CVE-2015-1155", "CVE-2015-3742", "CVE-2016-1724", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-3748", "CVE-2015-1152", "CVE-2015-3658", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-7103", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-1121", "CVE-2015-1082", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-3659", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-1081", "CVE-2015-1119", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-7095", "CVE-2015-7102", "CVE-2015-5804", "CVE-2015-1069", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-1075", "CVE-2015-5811", "CVE-2015-3737"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310131282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131282", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0116.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131282\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-31 08:05:06 +0300 (Thu, 31 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0116\");\n script_tag(name:\"insight\", value:\"The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0116.html\");\n script_cve_id(\"CVE-2015-1068\", \"CVE-2015-1069\", \"CVE-2015-1070\", \"CVE-2015-1071\", \"CVE-2015-1072\", \"CVE-2015-1073\", \"CVE-2015-1075\", \"CVE-2015-1076\", \"CVE-2015-1077\", \"CVE-2015-1081\", \"CVE-2015-1082\", \"CVE-2015-1119\", \"CVE-2015-1120\", \"CVE-2015-1121\", \"CVE-2015-1122\", \"CVE-2015-1124\", \"CVE-2015-1126\", \"CVE-2015-1127\", \"CVE-2015-1152\", \"CVE-2015-1153\", \"CVE-2015-1154\", \"CVE-2015-1155\", \"CVE-2015-1156\", \"CVE-2015-3658\", \"CVE-2015-3659\", \"CVE-2015-3660\", \"CVE-2015-3727\", \"CVE-2015-3730\", \"CVE-2015-3731\", \"CVE-2015-3732\", \"CVE-2015-3733\", \"CVE-2015-3734\", \"CVE-2015-3735\", \"CVE-2015-3736\", \"CVE-2015-3737\", \"CVE-2015-3738\", \"CVE-2015-3739\", \"CVE-2015-3740\", \"CVE-2015-3741\", 
\"CVE-2015-3742\", \"CVE-2015-3743\", \"CVE-2015-3744\", \"CVE-2015-3745\", \"CVE-2015-3746\", \"CVE-2015-3747\", \"CVE-2015-3748\", \"CVE-2015-3749\", \"CVE-2015-3750\", \"CVE-2015-3751\", \"CVE-2015-3752\", \"CVE-2015-3753\", \"CVE-2015-3754\", \"CVE-2015-3755\", \"CVE-2015-5788\", \"CVE-2015-5793\", \"CVE-2015-5794\", \"CVE-2015-5795\", \"CVE-2015-5797\", \"CVE-2015-5799\", \"CVE-2015-5800\", \"CVE-2015-5801\", \"CVE-2015-5803\", \"CVE-2015-5804\", \"CVE-2015-5805\", \"CVE-2015-5806\", \"CVE-2015-5807\", \"CVE-2015-5809\", \"CVE-2015-5810\", \"CVE-2015-5811\", \"CVE-2015-5812\", \"CVE-2015-5813\", \"CVE-2015-5814\", \"CVE-2015-5815\", \"CVE-2015-5816\", \"CVE-2015-5817\", \"CVE-2015-5818\", \"CVE-2015-5819\", \"CVE-2015-5822\", \"CVE-2015-5823\", \"CVE-2015-5825\", \"CVE-2015-5827\", \"CVE-2015-5828\", \"CVE-2015-5928\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\", \"CVE-2015-7002\", \"CVE-2015-7012\", \"CVE-2015-7013\", \"CVE-2015-7014\", \"CVE-2015-7048\", \"CVE-2015-7095\", \"CVE-2015-7096\", \"CVE-2015-7097\", \"CVE-2015-7098\", \"CVE-2015-7099\", \"CVE-2015-7100\", \"CVE-2015-7102\", \"CVE-2015-7103\", \"CVE-2015-7104\", \"CVE-2016-1723\", \"CVE-2016-1724\", \"CVE-2016-1725\", \"CVE-2016-1726\", \"CVE-2016-1727\", \"CVE-2016-1728\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0116\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = 
\"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"webkit2\", rpm:\"webkit2~2.10.9~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:44:16", "description": "The version of Apple Safari installed on the remote host is prior to 9.0.1. It is, therefore, affected by multiple memory corruption issues in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a crafted website, to execute arbitrary code or possibly cause a denial of service.", "cvss3": {"score": null, "vector": null}, "published": "2015-11-06T00:00:00", "type": "nessus", "title": "Mac OS X : Apple Safari < 9.0.1 Multiple RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI9_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86790);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\"\n );\n script_bugtraq_id(77264, 77267);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-3\");\n\n script_name(english:\"Mac OS X : Apple Safari < 9.0.1 Multiple RCE\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple 
remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote host is prior to\n9.0.1. It is, therefore, affected by multiple memory corruption issues\nin WebKit due to improper validation of user-supplied input. An\nunauthenticated, remote attacker can exploit these, via a crafted\nwebsite, to execute arbitrary code or possibly cause a denial of\nservice.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205377\");\n # http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5234a069\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 9.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7014\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.(9|10|11)([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9 / 10.10 / 10.11\");\n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"9.0.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:34", "description": "The version of Safari installed on the remote host is prior to 9.0.1, and is affected by multiple vulnerabilities in WebKit that are triggered as user-supplied input is not properly validated. 
With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-12-17T00:00:00", "type": "nessus", "title": "Safari < 9.0.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"], "id": "9028.PRM", "href": "https://www.tenable.com/plugins/nnm/9028", "sourceData": "Binary data 9028.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:17", "description": "The version of Apple iTunes running on the remote host is prior to 12.3.1. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit and CoreText components. 
An attacker can exploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.3.1 Multiple Vulnerabilities (uncredentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_3_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/86603", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86603);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-6975\",\n \"CVE-2015-6992\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\",\n \"CVE-2015-7017\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-5\");\n\n script_name(english:\"Apple iTunes < 12.3.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote host is prior to\n12.3.1. It is, therefore, affected by multiple vulnerabilities due to\nmemory corruption issues in the WebKit and CoreText components. 
An\nattacker can exploit these to cause a denial of service or execute\narbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.3.1.23\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:44:16", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.3.1. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit and CoreText components. 
An attacker can exploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-26T00:00:00", "type": "nessus", "title": "Apple iTunes < 12.3.1 Multiple Vulnerabilities (credentialed check)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:apple:itunes"], "id": "ITUNES_12_3_1.NASL", "href": "https://www.tenable.com/plugins/nessus/86602", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86602);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2015-5928\",\n \"CVE-2015-5929\",\n \"CVE-2015-5930\",\n \"CVE-2015-5931\",\n \"CVE-2015-6975\",\n \"CVE-2015-6992\",\n \"CVE-2015-7002\",\n \"CVE-2015-7011\",\n \"CVE-2015-7012\",\n \"CVE-2015-7013\",\n \"CVE-2015-7014\",\n \"CVE-2015-7017\"\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-10-21-5\");\n\n script_name(english:\"Apple iTunes < 12.3.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.3.1. It is, therefore, affected by multiple\nvulnerabilities due to memory corruption issues in the WebKit and\nCoreText components. 
An attacker can exploit these to cause a denial\nof service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205372\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes version 12.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.3.1.23\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:25", "description": "This update for webkit2gtk3 fixes the following issues :\n\n - Update to version 2.10.7 :\n\n + Fix the build with GTK+ < 3.16.\n\n - Changes from version 2.10.6 :\n\n + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang.\n\n + Fix media controls displaying without controls attribute.\n\n + Fix a Web Process crash when quickly attempting many DnD operations.\n\n - Changes from version 2.10.5 :\n\n + Disable DNS prefetch when a proxy is configured.\n\n + Reduce the maximum simultaneous network connections to match other browsers.\n\n + Make WebKitWebView always propagate motion-notify-event signal.\n\n + Add a way to force accelerating compositing mode at runtime using an environment variable.\n\n + Fix input elements and scrollbars rendering with GTK+ 3.19.\n\n + Fix 
rendering of lines when using solid colors.\n\n + Fix UI process crashes related to not having a main resource response when the load is committed for pages restored from the history cache.\n\n + Fix a WebProcess crash when loading large contents with custom URI schemes API.\n\n + Fix a crash in the UI process when the WebView is destroyed while the screensaver DBus proxy is being created.\n\n + Fix WebProcess crashes due to BadDrawable X errors in accelerated compositing mode.\n\n + Fix crashes on PPC64 due to mprotect() on address not aligned to the page size.\n\n + Fix std::bad_function_call exception raised in dispatchDecidePolicyForNavigationAction.\n\n + Fix downloads of data URLs.\n\n + Fix runtime critical warnings when closing a page containing windowed plugins.\n\n + Fix several crashes and rendering issues.\n\n + Translation updates: French, German, Italian, Turkish.\n\n + Security fixes: CVE-2015-7096, CVE-2015-7098.\n\n - Update to version 2.10.4, notable changes :\n\n + New HTTP disk cache for the Network Process.\n\n + New Web Inspector UI.\n\n + Automatic ScreenServer inhibition when playing fullscreen videos.\n\n + Initial Editor API.\n\n + Performance improvements.\n\n - This update addresses the following security issues:\n CVE-2015-1122, CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730, CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744, CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754, CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807, CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815, CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827, CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931, CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, CVE-2015-7103, CVE-2015-7104\n\n - Add BuildRequires: hyphen-devel to pick up hyphenation support. 
Note this is broken upstream.\n\n - Build with -DENABLE_DATABASE_PROCESS=OFF and\n\n -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8.", "cvss3": {"score": null, "vector": null}, "published": "2016-03-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1122", "CVE-2015-1152", "CVE-2015-1155", "CVE-2015-3660", "CVE-2015-3730", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3742", "CVE-2015-3744", "CVE-2015-3746", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5807", "CVE-2015-5810", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5825", "CVE-2015-5827", "CVE-2015-5828", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7048", "CVE-2015-7095", "CVE-2015-7096", "CVE-2015-7097", "CVE-2015-7098", "CVE-2015-7099", "CVE-2015-7100", "CVE-2015-7102", "CVE-2015-7103", "CVE-2015-7104"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo", "p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo", "p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang", "p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0", "p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0", "p-cpe:/a:novell:opensuse:webkit-jsc-4", "p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles", 
"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo", "p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource", "p-cpe:/a:novell:opensuse:webkit2gtk3-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-340.NASL", "href": "https://www.tenable.com/plugins/nessus/89950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-340.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89950);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1122\", \"CVE-2015-1152\", \"CVE-2015-1155\", \"CVE-2015-3660\", \"CVE-2015-3730\", \"CVE-2015-3738\", \"CVE-2015-3740\", \"CVE-2015-3742\", \"CVE-2015-3744\", \"CVE-2015-3746\", \"CVE-2015-3750\", \"CVE-2015-3751\", \"CVE-2015-3754\", \"CVE-2015-3755\", \"CVE-2015-5804\", \"CVE-2015-5805\", \"CVE-2015-5807\", \"CVE-2015-5810\", \"CVE-2015-5813\", \"CVE-2015-5814\", \"CVE-2015-5815\", \"CVE-2015-5817\", \"CVE-2015-5818\", \"CVE-2015-5825\", \"CVE-2015-5827\", \"CVE-2015-5828\", \"CVE-2015-5929\", \"CVE-2015-5930\", \"CVE-2015-5931\", \"CVE-2015-7002\", \"CVE-2015-7013\", \"CVE-2015-7014\", \"CVE-2015-7048\", \"CVE-2015-7095\", \"CVE-2015-7096\", \"CVE-2015-7097\", \"CVE-2015-7098\", \"CVE-2015-7099\", \"CVE-2015-7100\", \"CVE-2015-7102\", \"CVE-2015-7103\", \"CVE-2015-7104\");\n\n script_name(english:\"openSUSE Security Update : webkit2gtk3 (openSUSE-2016-340)\");\n script_summary(english:\"Check for the openSUSE-2016-340 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for webkit2gtk3 fixes the following issues 
:\n\n - Update to version 2.10.7 :\n\n + Fix the build with GTK+ < 3.16.\n\n - Changes from version 2.10.6 :\n\n + Fix a deadlock in the Web Process when JavaScript\n garbage collector was running for a web worker thread\n that made google maps to hang.\n\n + Fix media controls displaying without controls\n attribute.\n\n + Fix a Web Process crash when quickly attempting many DnD\n operations.\n\n - Changes from version 2.10.5 :\n\n + Disable DNS prefetch when a proxy is configured.\n\n + Reduce the maximum simultaneous network connections to\n match other browsers.\n\n + Make WebKitWebView always propagate motion-notify-event\n signal.\n\n + Add a way to force accelerating compositing mode at\n runtime using an environment variable.\n\n + Fix input elements and scrollbars rendering with GTK+\n 3.19.\n\n + Fix rendering of lines when using solid colors.\n\n + Fix UI process crashes related to not having a main\n resource response when the load is committed for pages\n restored from the history cache.\n\n + Fix a WebProcess crash when loading large contents with\n custom URI schemes API.\n\n + Fix a crash in the UI process when the WebView is\n destroyed while the screensaver DBus proxy is being\n created.\n\n + Fix WebProcess crashes due to BadDrawable X errors in\n accelerated compositing mode.\n\n + Fix crashes on PPC64 due to mprotect() on address not\n aligned to the page size.\n\n + Fix std::bad_function_call exception raised in\n dispatchDecidePolicyForNavigationAction.\n\n + Fix downloads of data URLs.\n\n + Fix runtime critical warnings when closing a page\n containing windowed plugins.\n\n + Fix several crashes and rendering issues.\n\n + Translation updates: French, German, Italian, Turkish.\n\n + Security fixes: CVE-2015-7096, CVE-2015-7098.\n\n - Update to version 2.10.4, notable changes :\n\n + New HTTP disk cache for the Network Process.\n\n + New Web Inspector UI.\n\n + Automatic ScreenServer inhibition when playing\n fullscreen videos.\n\n + Initial 
Editor API.\n\n + Performance improvements.\n\n - This update addresses the following security issues:\n CVE-2015-1122, CVE-2015-1152, CVE-2015-1155,\n CVE-2015-3660, CVE-2015-3730, CVE-2015-3738,\n CVE-2015-3740, CVE-2015-3742, CVE-2015-3744,\n CVE-2015-3746, CVE-2015-3750, CVE-2015-3751,\n CVE-2015-3754, CVE-2015-3755, CVE-2015-5804,\n CVE-2015-5805, CVE-2015-5807, CVE-2015-5810,\n CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,\n CVE-2015-5817, CVE-2015-5818, CVE-2015-5825,\n CVE-2015-5827, CVE-2015-5828, CVE-2015-5929,\n CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,\n CVE-2015-7013, CVE-2015-7014, CVE-2015-7048,\n CVE-2015-7095, CVE-2015-7097, CVE-2015-7099,\n CVE-2015-7100, CVE-2015-7102, CVE-2015-7103,\n CVE-2015-7104\n\n - Add BuildRequires: hyphen-devel to pick up hyphenation\n support. Note this is broken upstream.\n\n - Build with -DENABLE_DATABASE_PROCESS=OFF and\n\n -DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC\n 4.8.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkit2gtk3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libjavascriptcoregtk-4_0-18-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk-4_0-37-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwebkit2gtk3-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-JavaScriptCore-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:typelib-1_0-WebKit2WebExtension-4_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit-jsc-4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk-4_0-injected-bundles-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:webkit2gtk3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-4_0-18-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkit2gtk-4_0-37-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkit2gtk-4_0-37-debuginfo-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwebkit2gtk3-lang-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-JavaScriptCore-4_0-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit2-4_0-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"typelib-1_0-WebKit2WebExtension-4_0-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-4-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit-jsc-4-debuginfo-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit2gtk-4_0-injected-bundles-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit2gtk-4_0-injected-bundles-debuginfo-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit2gtk3-debugsource-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"webkit2gtk3-devel-2.10.7-7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-32bit-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libjavascriptcoregtk-4_0-18-debuginfo-32bit-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-32bit-2.10.7-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwebkit2gtk-4_0-37-debuginfo-32bit-2.10.7-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:50:30", "description": "Update to 2.10.4. Major new features: * New HTTP disk cache for the Network Process. * IndexedDB support. * New Web Inspector UI. * Automatic ScreenServer inhibition when playing fullscreen videos. * Initial Editor API.\n\n - Performance improvements. 
This update addresses the following vulnerabilities: * CVE-2015-1122 * CVE-2015-1152 * CVE-2015-1155 * CVE-2015-3660 * CVE-2015-3730 * CVE-2015-3738 * CVE-2015-3740 * CVE-2015-3742 * CVE-2015-3744 * CVE-2015-3746 * CVE-2015-3750 * CVE-2015-3751 * CVE-2015-3754 * CVE-2015-3755 * CVE-2015-5804 * CVE-2015-5805 * CVE-2015-5807 * CVE-2015-5810 * CVE-2015-5813 * CVE-2015-5814 * CVE-2015-5815 * CVE-2015-5817 * CVE-2015-5818 * CVE-2015-5825 * CVE-2015-5827 * CVE-2015-5828 * CVE-2015-5929 * CVE-2015-5930 * CVE-2015-5931 * CVE-2015-7002 * CVE-2015-7013 * CVE-2015-7014 * CVE-2015-7048 * CVE-2015-7095 * CVE-2015-7097 * CVE-2015-7099 * CVE-2015-7100 * CVE-2015-7102 * CVE-2015-7103 * CVE-2015-7104 For further information on the new features, see the [Igalia blog post](http://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/). For information on the security vulnerabilities, refer to [WebKitGTK+ Security Advisory WSA-2015-0002](http://webkitgtk.org/security/WSA-2015-0002.html).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : webkitgtk4-2.10.4-1.fc22 (2016-d132dbb529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1122", "CVE-2015-1152", "CVE-2015-1155", "CVE-2015-3660", "CVE-2015-3730", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3742", "CVE-2015-3744", "CVE-2015-3746", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5807", "CVE-2015-5810", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5825", "CVE-2015-5827", "CVE-2015-5828", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7048", "CVE-2015-7095", "CVE-2015-7097", "CVE-2015-7099", "CVE-2015-7100", "CVE-2015-7102", "CVE-2015-7103", "CVE-2015-7104"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-D132DBB529.NASL", "href": "https://www.tenable.com/plugins/nessus/89619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-d132dbb529.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89619);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2016-d132dbb529\");\n\n script_name(english:\"Fedora 22 : webkitgtk4-2.10.4-1.fc22 (2016-d132dbb529)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.10.4. Major new features: * New HTTP disk cache for the\nNetwork Process. * IndexedDB support. * New Web Inspector UI. *\nAutomatic ScreenServer inhibition when playing fullscreen videos. *\nInitial Editor API.\n\n - Performance improvements. This update addresses the\n following vulnerabilities: * CVE-2015-1122 *\n CVE-2015-1152 * CVE-2015-1155 * CVE-2015-3660 *\n CVE-2015-3730 * CVE-2015-3738 * CVE-2015-3740 *\n CVE-2015-3742 * CVE-2015-3744 * CVE-2015-3746 *\n CVE-2015-3750 * CVE-2015-3751 * CVE-2015-3754 *\n CVE-2015-3755 * CVE-2015-5804 * CVE-2015-5805 *\n CVE-2015-5807 * CVE-2015-5810 * CVE-2015-5813 *\n CVE-2015-5814 * CVE-2015-5815 * CVE-2015-5817 *\n CVE-2015-5818 * CVE-2015-5825 * CVE-2015-5827 *\n CVE-2015-5828 * CVE-2015-5929 * CVE-2015-5930 *\n CVE-2015-5931 * CVE-2015-7002 * CVE-2015-7013 *\n CVE-2015-7014 * CVE-2015-7048 * CVE-2015-7095 *\n CVE-2015-7097 * CVE-2015-7099 * CVE-2015-7100 *\n CVE-2015-7102 * CVE-2015-7103 * CVE-2015-7104 For\n further information on the new features, see the [Igalia\n blog\n post](http://blogs.igalia.com/carlosgc/2015/09/21/webkit\n gtk-2-10/). For information on the security\n vulnerabilities, refer to [WebKitGTK+ Security Advisory\n WSA-2015-0002](http://webkitgtk.org/security/WSA-2015-00\n 02.html).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/\"\n );\n # http://webkitgtk.org/security/WSA-2015-0002.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://webkitgtk.org/security/WSA-2015-0002.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176536.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5712c42\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"webkitgtk4-2.10.4-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-3 Safari 9.0.1\r\n\r\nSafari 9.0.1 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\r\nand OS X El Capitan v10.11\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: Multiple memory corruption issues existed in 
WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-5931\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7011 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7013 : Apple\r\nCVE-2015-7014\r\n\r\nInstallation note:\r\n\r\nSafari 9.0.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-3 Safari 9.0.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32565", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32565", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:02", "description": "\r\n\r\nAPPLE-SA-2015-10-21-5 iTunes 12.3.1\r\n\r\niTunes 12.3.1 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Windows 7 and later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may result in unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5928 : Apple\r\nCVE-2015-5929 : Apple\r\nCVE-2015-5930 : Apple\r\nCVE-2015-5931\r\nCVE-2015-7002 : Apple\r\nCVE-2015-7011 : Apple\r\nCVE-2015-7012 : Apple\r\nCVE-2015-7013 : Apple\r\nCVE-2015-7014\r\n\r\niTunes\r\nAvailable for: 
Windows 7 and later\r\nImpact: Applications that use CoreText may be vulnerable to\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nprocessing of text files. These issues were addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nInstallation note:\r\n\r\niTunes 12.3.1 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nYou may also update to the latest version of iTunes via Apple\r\nSoftware Update, which can be found in the Start menu.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "APPLE-SA-2015-10-21-5 iTunes 12.3.1", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-7014", "CVE-2015-6992", "CVE-2015-5931", "CVE-2015-5929", "CVE-2015-7012", "CVE-2015-5928", "CVE-2015-7017", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:DOC:32567", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32567", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:11:44", "description": "Information spoofing, information disclosure, restriction bypass, race conditions, memory corruptions.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", 
"cvss2": {}, "cvelist": ["CVE-2015-5930", "CVE-2015-7013", "CVE-2015-5825", "CVE-2015-7002", "CVE-2015-5798", "CVE-2015-5796", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-5788", "CVE-2015-5805", "CVE-2015-5828", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-5912", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-5802", "CVE-2015-5931", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5789", "CVE-2015-5765", "CVE-2015-5780", "CVE-2015-5813", "CVE-2015-5764", "CVE-2015-5821", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-5827", "CVE-2015-5826", "CVE-2015-5820", "CVE-2015-5815", "CVE-2015-3801", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-7011", "CVE-2015-5767"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14700", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14700", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:18:15", "description": "Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure.", "edition": 2, "cvss3": {}, "published": "2015-10-25T00:00:00", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-3733", "CVE-2015-5930", "CVE-2015-7013", "CVE-2015-1157", "CVE-2015-3736", "CVE-2015-3686", "CVE-2015-6975", "CVE-2015-7002", "CVE-2015-5798", "CVE-2015-3688", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-5796", "CVE-2015-1205", "CVE-2015-5874", "CVE-2015-5808", "CVE-2015-5812", "CVE-2015-7014", "CVE-2015-3731", "CVE-2015-3687", "CVE-2015-6992", "CVE-2015-5805", "CVE-2015-3738", "CVE-2015-5816", "CVE-2015-5794", "CVE-2015-3740", 
"CVE-2015-3739", "CVE-2015-5807", "CVE-2015-5801", "CVE-2015-3743", "CVE-2015-3747", "CVE-2015-5818", "CVE-2015-5803", "CVE-2015-3730", "CVE-2015-5802", "CVE-2015-5931", "CVE-2015-5792", "CVE-2015-5791", "CVE-2015-5793", "CVE-2015-5795", "CVE-2015-5929", "CVE-2015-5789", "CVE-2015-5761", "CVE-2015-5813", "CVE-2015-5821", "CVE-2015-3749", "CVE-2015-3742", "CVE-2015-5819", "CVE-2015-5800", "CVE-2015-3748", "CVE-2014-8146", "CVE-2015-1152", "CVE-2015-5815", "CVE-2015-3746", "CVE-2015-5920", "CVE-2015-5755", "CVE-2015-7012", "CVE-2015-5810", "CVE-2015-3741", "CVE-2015-3745", "CVE-2015-1153", "CVE-2015-5823", "CVE-2015-5928", "CVE-2015-3735", "CVE-2015-5822", "CVE-2015-5797", "CVE-2015-5806", "CVE-2015-5809", "CVE-2015-5799", "CVE-2015-5790", "CVE-2015-5804", "CVE-2015-5814", "CVE-2015-7017", "CVE-2015-5817", "CVE-2015-5811", "CVE-2015-3737", "CVE-2010-3190", "CVE-2015-7011"], "modified": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14698", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14698", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2021-08-18T11:23:18", "description": "### *Detect date*:\n10/21/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Apple iTunes. 
Malicious users can exploit these vulnerabilities to execute arbitrary code or cause a denial of service.\n\n### *Affected products*:\nApple iTunes versions earlier than 12.3.1\n\n### *Solution*:\nUpdate to the latest version \n[Get iTunes](<http://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT205372>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2015-7012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7012>) 6.8 High \n[CVE-2015-7011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7011>) 6.8 High \n[CVE-2015-7017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7017>) 7.5 Critical \n[CVE-2015-7014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7014>) 6.8 High \n[CVE-2015-6975](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6975>) 7.5 Critical \n[CVE-2015-6992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6992>) 7.5 Critical \n[CVE-2015-7013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7013>) 6.8 High \n[CVE-2015-5931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5931>) 6.8 High \n[CVE-2015-7002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7002>) 6.8 High \n[CVE-2015-5929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5929>) 6.8 High \n[CVE-2015-5930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5930>) 6.8 High \n[CVE-2015-5928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928>) 6.8 High", "cvss3": {}, "published": "2015-10-21T00:00:00", "type": "kaspersky", "title": "KLA10685 Multiple vulnerabilities at Apple iTunes", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-6975", "CVE-2015-6992", "CVE-2015-7002", "CVE-2015-7011", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7017"], "modified": "2020-06-03T00:00:00", "id": "KLA10685", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10685/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3. ", "cvss3": {}, "published": "2016-02-01T06:38:54", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: webkitgtk4-2.10.4-1.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1122", "CVE-2015-1152", "CVE-2015-1155", "CVE-2015-3660", "CVE-2015-3730", "CVE-2015-3738", "CVE-2015-3740", "CVE-2015-3742", "CVE-2015-3744", "CVE-2015-3746", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5807", "CVE-2015-5810", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5825", "CVE-2015-5827", "CVE-2015-5828", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", 
"CVE-2015-7002", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7048", "CVE-2015-7095", "CVE-2015-7097", "CVE-2015-7099", "CVE-2015-7100", "CVE-2015-7102", "CVE-2015-7103", "CVE-2015-7104"], "modified": "2016-02-01T06:38:54", "id": "FEDORA:3FFBD608DDB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HJ4JBPMYF6DW5F22S5RPC6HQHVZ4JY35/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The webkit2 package has been updated to version 2.10.9, fixing several security issues and other bugs. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-03-25T06:38:37", "type": "mageia", "title": "Updated webkit2 packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1068", "CVE-2015-1069", "CVE-2015-1070", "CVE-2015-1071", "CVE-2015-1072", "CVE-2015-1073", "CVE-2015-1075", "CVE-2015-1076", "CVE-2015-1077", "CVE-2015-1081", "CVE-2015-1082", "CVE-2015-1119", "CVE-2015-1120", "CVE-2015-1121", "CVE-2015-1122", "CVE-2015-1124", "CVE-2015-1126", "CVE-2015-1127", 
"CVE-2015-1152", "CVE-2015-1153", "CVE-2015-1154", "CVE-2015-1155", "CVE-2015-1156", "CVE-2015-3658", "CVE-2015-3659", "CVE-2015-3660", "CVE-2015-3727", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-5788", "CVE-2015-5793", "CVE-2015-5794", "CVE-2015-5795", "CVE-2015-5797", "CVE-2015-5799", "CVE-2015-5800", "CVE-2015-5801", "CVE-2015-5803", "CVE-2015-5804", "CVE-2015-5805", "CVE-2015-5806", "CVE-2015-5807", "CVE-2015-5809", "CVE-2015-5810", "CVE-2015-5811", "CVE-2015-5812", "CVE-2015-5813", "CVE-2015-5814", "CVE-2015-5815", "CVE-2015-5816", "CVE-2015-5817", "CVE-2015-5818", "CVE-2015-5819", "CVE-2015-5822", "CVE-2015-5823", "CVE-2015-5825", "CVE-2015-5827", "CVE-2015-5828", "CVE-2015-5928", "CVE-2015-5929", "CVE-2015-5930", "CVE-2015-5931", "CVE-2015-7002", "CVE-2015-7012", "CVE-2015-7013", "CVE-2015-7014", "CVE-2015-7048", "CVE-2015-7095", "CVE-2015-7096", "CVE-2015-7097", "CVE-2015-7098", "CVE-2015-7099", "CVE-2015-7100", "CVE-2015-7102", "CVE-2015-7103", "CVE-2015-7104", "CVE-2016-1723", "CVE-2016-1724", "CVE-2016-1725", "CVE-2016-1726", "CVE-2016-1727", "CVE-2016-1728"], "modified": "2016-03-25T06:38:37", "id": "MGASA-2016-0116", "href": "https://advisories.mageia.org/MGASA-2016-0116.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}