Vulnerabilities > CVE-2009-1725 - Numeric Errors vulnerability in Apple Safari

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

apple

CWE-189

nessus

NVD

Published: 2009-07-09

Updated: 2022-08-09

Summary

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Safari 3.0.4B Apple Safari 2.0.3 Apple Safari - Apple Safari 1.0 Apple Safari 1.0.0 Apple Safari 1.0.0B1 Apple Safari 1.0.0B2 Apple Safari 1.0.1 Apple Safari 1.0.2 Apple Safari 1.0.3 Apple Safari 1.0B1 Apple Safari 1.1 Apple Safari 1.1.0 Apple Safari 1.1.1 Apple Safari 1.2 Apple Safari 1.2.0 Apple Safari 1.2.1 Apple Safari 1.2.2 Apple Safari 1.2.3 Apple Safari 1.2.4 Apple Safari 1.2.5 Apple Safari 1.3 Apple Safari 1.3.0 Apple Safari 1.3.1 Apple Safari 1.3.2 Apple Safari 2 Apple Safari 2.0 Apple Safari 2.0.0 Apple Safari 2.0.1 Apple Safari 2.0.2 Apple Safari 2.0.4 Apple Safari 3 Apple Safari 3.0 Apple Safari 3.0.0 Apple Safari 3.0.0B Apple Safari 3.0.1 Apple Safari 3.0.1B Apple Safari 3.0.2 Apple Safari 3.0.2B Apple Safari 3.0.3 Apple Safari 3.0.3B Apple Safari 3.0.4 Apple Safari 3.0.5 Apple Safari 3.1.0 Apple Safari 3.1.0B Apple Safari 3.1.1 Apple Safari 3.1.1B Apple Safari 3.1.2 Apple Safari 3.1.2B Apple Safari 3.2.0 Apple Safari 3.2.0B Apple Safari 3.2.1 Apple Safari 3.2.1B Apple Safari 3.2.2 Apple Safari 3.2.2B Apple Safari 4.0 Apple Safari 4.0.0B Apple Safari 4.0.1	83
OS	Apple Apple Iphone OS - Apple Iphone OS 1.0.0 Apple Iphone OS 1.0.1 Apple Iphone OS 1.0.2 Apple Iphone OS 1.1.0 Apple Iphone OS 1.1.1 Apple Iphone OS 1.1.2 Apple Iphone OS 1.1.3 Apple Iphone OS 1.1.4 Apple Iphone OS 1.1.5 Apple Iphone OS 2.0 Apple Iphone OS 2.0.0 Apple Iphone OS 2.0.1 Apple Iphone OS 2.0.2 Apple Iphone OS 2.1 Apple Iphone OS 2.1.1 Apple Iphone OS 2.2 Apple Iphone OS 2.2.1 Apple Iphone OS 3.0 Apple Iphone OS 3.0.1 Apple Iphone OS *	55
Hardware	Apple Apple Ipod Touch *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-857-1.NASL
description	It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	42467
published	2009-11-11
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/42467
title	Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-857-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(42467); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725"); script_bugtraq_id(34924, 35271, 35309, 35318); script_xref(name:"USN", value:"857-1"); script_name(english:"Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/857-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 189, 200, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-assistant"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-designer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-help"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-qt3support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-script"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-scripttools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-odbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-psql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-svg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtcore4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtgui4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-designer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qmake"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qtconfig"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(8\.10\|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.10 / 9.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-assistant", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-core", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbus", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-gui", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-help", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-network", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-qt3support", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-script", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-mysql", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-odbc", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-psql", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite2", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-svg", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-test", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xml", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqtcore4", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libqtgui4", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-demos", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-dev-tools", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc-html", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"qt4-qtconfig", pkgver:"4.4.3-0ubuntu1.4")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-assistant", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-core", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbus", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-gui", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-help", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-network", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-qt3support", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-script", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-scripttools", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-mysql", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-odbc", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-psql", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite2", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-svg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-test", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xml", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqtcore4", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libqtgui4", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc-html", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-qmake", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"qt4-qtconfig", pkgver:"4.5.0-0ubuntu4.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libqt4-assistant / libqt4-core / libqt4-dbg / libqt4-dbus / etc"); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1988.NASL
description	Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
last seen	2020-06-01
modified	2020-06-02
plugin id	44852
published	2010-02-24
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44852
title	Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1988. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44852); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725", "CVE-2009-2700"); script_bugtraq_id(34924, 35271, 35309, 35318); script_xref(name:"DSA", value:"1988"); script_name(english:"Debian DSA-1988-1 : qt4-x11 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer. - CVE-2009-1690 Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. - CVE-2009-1698 WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1699 The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. - CVE-2009-1711 WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. - CVE-2009-1712 WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. - CVE-2009-1713 The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. - CVE-2009-1725 WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-2700 qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution (etch) is not affected by these problems." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538347" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545793" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-0945" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1687" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1690" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1698" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1699" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1711" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1712" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1713" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1725" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2700" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2010/dsa-1988" ); script_set_attribute( attribute:"solution", value: "Upgrade the qt4-x11 packages. For the stable distribution (lenny), these problems have been fixed in version 4.4.3-1+lenny1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt4-x11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"libqt4-assistant", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-core", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-dbg", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-dbus", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-designer", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-dev", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-gui", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-help", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-network", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-opengl", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-opengl-dev", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-qt3support", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-script", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-ibase", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-mysql", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-odbc", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-psql", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite2", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-svg", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-test", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-webkit", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-webkit-dbg", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-xml", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns-dbg", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqtcore4", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libqtgui4", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-demos", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-designer", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-dev-tools", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-doc", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-doc-html", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-qmake", reference:"4.4.3-1+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"qt4-qtconfig", reference:"4.4.3-1+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1950.NASL
description	Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
last seen	2020-06-01
modified	2020-06-02
plugin id	44815
published	2010-02-24
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/44815
title	Debian DSA-1950-1 : webkit - several vulnerabilities

NASL family	Windows
NASL id	SAFARI_4_0_2.NASL
description	The version of Safari installed on the remote Windows host is earlier than 4.0.2. Such versions are potentially affected by two issues : - A vulnerability in WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	39767
published	2009-07-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39767
title	Safari < 4.0.2 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8039.NASL
description	This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40412
published	2009-07-29
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40412
title	Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8020.NASL
description	This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10
last seen	2020-06-01
modified	2020-06-02
plugin id	40411
published	2009-07-29
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40411
title	Fedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_KDELIBS4-101103.NASL
description	An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	53667
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53667
title	openSUSE Security Update : kdelibs4 (openSUSE-SU-2010:1036-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8800.NASL
description	Qt
last seen	2020-06-01
modified	2020-06-02
plugin id	40680
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40680
title	Fedora 11 : qt-4.5.2-2.fc11 (2009-8800)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-346.NASL
description	Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1 179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
last seen	2020-06-01
modified	2020-06-02
plugin id	43613
published	2009-12-30
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/43613
title	Mandriva Linux Security Advisory : kde (MDVSA-2009:346)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8049.NASL
description	This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40414
published	2009-07-29
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40414
title	Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2010-027.NASL
description	Multiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
last seen	2020-06-01
modified	2020-06-02
plugin id	48170
published	2010-07-30
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48170
title	Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8046.NASL
description	This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40413
published	2009-07-29
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40413
title	Fedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8802.NASL
description	Qt
last seen	2020-06-01
modified	2020-06-02
plugin id	40681
published	2009-08-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40681
title	Fedora 10 : qt-4.5.2-2.fc10 (2009-8802)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_KDELIBS3-101103.NASL
description	An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	51088
published	2010-12-09
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51088
title	SuSE 11 Security Update : kdelibs (SAT Patch Number 3450)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-836-1.NASL
description	It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	41606
published	2009-09-24
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/41606
title	Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_LIBWEBKIT-110111.NASL
description	Various bugs in webkit have been fixed. The CVE id
last seen	2020-06-01
modified	2020-06-02
plugin id	53764
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53764
title	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SAFARI4_0_2.NASL
description	The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.2 As such, it is potentially affected by two issues : - A vulnerability in WebKit
last seen	2020-06-01
modified	2020-06-02
plugin id	39768
published	2009-07-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/39768
title	Mac OS X : Apple Safari < 4.0.2

NASL family	SuSE Local Security Checks
NASL id	SUSE_KDELIBS3-7217.NASL
description	An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	51089
published	2010-12-09
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/51089
title	SuSE 10 Security Update : kdelibs (ZYPP Patch Number 7217)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_LIBWEBKIT-110104.NASL
description	Various bugs in webkit have been fixed. The CVE id
last seen	2020-06-01
modified	2020-06-02
plugin id	75629
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75629
title	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)

Oval

accepted

2014-02-03T04:04:45.713-05:00

class

vulnerability

contributors

name Prabhu.S.A
organization SecPod Technologies
name Shane Shaffer
organization G2, Inc.
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Kedovskaya
organization ALTX-SOFT

definition_extensions

comment	Apple Safari is installed
oval	oval:org.mitre.oval:def:6325

description

family

windows

oval:org.mitre.oval:def:5777

status

accepted

submitted

2009-09-24T09:00:11

title

Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.

version

Statements

contributor	Tomas Hoger
lastmodified	2009-08-07
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.