Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:136141256231192023998902661003102
HistorySep 10, 2024 - 12:00 a.m.

Fedora: Security Advisory (FEDORA-2023-c890266d3f)

2024-09-1000:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
2
fedora
security advisory
'chromium' package
cve-2023-4863
cve-2023-4900
cve-2023-4901
cve-2023-4902
cve-2023-4903
cve-2023-4904
cve-2023-4905
cve-2023-4906
cve-2023-4907
cve-2023-4908
cve-2023-4909
cve-2023-5129
cve-2023-5186

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.629

Percentile

97.9%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.9.2023.998902661003102");
  script_cve_id("CVE-2023-4863", "CVE-2023-4900", "CVE-2023-4901", "CVE-2023-4902", "CVE-2023-4903", "CVE-2023-4904", "CVE-2023-4905", "CVE-2023-4906", "CVE-2023-4907", "CVE-2023-4908", "CVE-2023-4909", "CVE-2023-5129", "CVE-2023-5186", "CVE-2023-5187", "CVE-2023-5217");
  script_tag(name:"creation_date", value:"2024-09-10 12:16:00 +0000 (Tue, 10 Sep 2024)");
  script_version("2024-09-13T05:05:46+0000");
  script_tag(name:"last_modification", value:"2024-09-13 05:05:46 +0000 (Fri, 13 Sep 2024)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-29 18:37:00 +0000 (Fri, 29 Sep 2023)");

  script_name("Fedora: Security Advisory (FEDORA-2023-c890266d3f)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC39");

  script_xref(name:"Advisory-ID", value:"FEDORA-2023-c890266d3f");
  script_xref(name:"URL", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2238432");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2238433");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2238832");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2238833");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2239523");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241119");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241120");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241194");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241195");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'chromium' package(s) announced via the FEDORA-2023-c890266d3f advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"update to 117.0.5938.132. Fixes following security issues:

CVE-2023-5129 CVE-2023-5186

----

Update to 117.0.5938.92.

----

update to 117.0.5938.88

----

update to 117.0.5938.62. Fixes following security issues:

CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904
CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909

----

update to 116.0.5845.187. Fixes following security issue: CVE-2023-4863");

  script_tag(name:"affected", value:"'chromium' package(s) on Fedora 39.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC39") {

  if(!isnull(res = isrpmvuln(pkg:"chromedriver", rpm:"chromedriver~117.0.5938.132~2.fc39", rls:"FC39"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"chromium", rpm:"chromium~117.0.5938.132~2.fc39", rls:"FC39"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"chromium-common", rpm:"chromium-common~117.0.5938.132~2.fc39", rls:"FC39"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"chromium-headless", rpm:"chromium-headless~117.0.5938.132~2.fc39", rls:"FC39"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

fedora 6
nessus 57
debian 2
osv 19
openvas 14
freebsd 2
chrome 3
mageia 1
kaspersky 8
hivepro 1
redhat 22
ubuntucve 4
githubexploit 2
nvd 5
mozilla 1
attackerkb 1
wizblog 1
msrc 1
github 3
citrix 1
rocky 2
f5 1
cve 6
prion 6
redhatcve 1
cnvd 5
alpinelinux 1
photon 3
talosblog 1
thn 1
debiancve 3
cvelist 5
veracode 7
mscve 3
fedora
fedora
[SECURITY] Fedora 39 Update: chromium-117.0.5938.132-2.fc39
2023-10-02 00:16:32
[SECURITY] Fedora 38 Update: chromium-117.0.5938.132-2.fc38
2023-10-02 01:24:41
[SECURITY] Fedora 37 Update: chromium-117.0.5938.132-1.fc37
2023-10-02 00:40:35
nessus
nessus
Fedora 39 : chromium (2023-c890266d3f)
2023-11-07 00:00:00
Debian DSA-5499-1 : chromium - security update
2023-09-19 00:00:00
Google Chrome < 117.0.5938.62 Multiple Vulnerabilities
2023-09-12 00:00:00
debian
debian
[SECURITY] [DSA 5499-1] chromium security update
2023-09-18 21:38:00
[SECURITY] [DSA 5508-1] chromium security update
2023-09-29 17:54:25
osv
osv
chromium - security update
2023-09-18 00:00:00
chromium - security update
2023-09-29 00:00:00
CefSharp affected by heap buffer overflow in WebP
2023-09-21 17:11:42
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0249-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0283)
2023-10-10 00:00:00
Debian: Security Advisory (DSA-5499-1)
2023-09-19 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-09-12 00:00:00
chromium -- multiple vulnerabilities
2023-09-27 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2023-09-12 00:00:00
Stable Channel Update for ChromeOS / ChromeOS Flex
2023-09-26 00:00:00
Stable Channel Update for Desktop
2023-09-27 00:00:00
mageia
mageia
Updated chromium-browser-stable package fixes bugs and vulnerabilities
2023-10-03 13:53:29
kaspersky
kaspersky
KLA60746 Multiple vulnerabilities in Microsoft Browser
2023-09-15 00:00:00
KLA60560 Multiple vulnerabilities in Google Chrome
2023-09-12 00:00:00
KLA60816 Multiple vulnerabilities in Google Chrome
2023-09-27 00:00:00
hivepro
hivepro
Google and Firefox fixes Zero-Day Flaw Exploited in the Wild
2023-10-02 06:29:28
redhat
redhat
(RHSA-2023:5187) Important: firefox security update
2023-09-18 12:53:07
(RHSA-2023:5197) Important: firefox security update
2023-09-18 12:54:43
(RHSA-2023:5192) Important: firefox security update
2023-09-18 12:53:16
ubuntucve
ubuntucve
CVE-2023-5129
2023-09-25 00:00:00
CVE-2023-4900
2023-09-12 00:00:00
CVE-2023-4909
2023-09-12 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Google Chrome
2023-09-30 02:47:16
Exploit for Out-of-bounds Write in Google Chrome
2023-09-29 00:42:37
nvd
nvd
CVE-2023-5129
2023-09-25 21:15:16
CVE-2023-4909
2023-09-12 21:15:09
CVE-2023-4905
2023-09-12 21:15:08
mozilla
mozilla
Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla
2023-09-12 00:00:00
attackerkb
attackerkb
CVE-2023-5129
2023-09-25 00:00:00
wizblog
wizblog
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
2023-10-01 13:31:06
msrc
msrc
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217
2023-10-02 07:00:00
github
github
CefSharp affected by heap buffer overflow in WebP
2023-09-21 17:11:42
Bundled libwebp in Pillow vulnerable
2023-10-05 00:06:58
Bundled libwebp in imagecodecs vulnerable
2023-10-05 00:07:46
citrix
citrix
Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products
2023-10-06 20:18:12
rocky
rocky
libwebp security update
2023-10-06 22:58:06
thunderbird security update
2023-10-06 22:57:16
f5
f5
K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129
2023-09-29 00:00:00
cve
cve
CVE-2023-5129
2023-09-25 21:15:16
CVE-2023-4905
2023-09-12 21:15:08
CVE-2023-4907
2023-09-12 21:15:08
prion
prion
Open redirect
2023-09-25 21:15:00
Design/Logic Flaw
2023-09-12 21:15:00
Design/Logic Flaw
2023-09-12 21:15:00
redhatcve
redhatcve
CVE-2023-5129
2023-09-27 17:55:08
cnvd
cnvd
Google libwebp open source library remote code execution vulnerability
2023-09-27 00:00:00
Google Chrome Security Bypass Vulnerability (CNVD-2023-75500)
2023-09-17 00:00:00
Google Chrome Security Bypass Vulnerability (CNVD-2023-75499)
2023-09-17 00:00:00
alpinelinux
alpinelinux
CVE-2023-5129
2023-09-25 21:15:16
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0160
2023-12-01 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0657
2023-09-28 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0459
2023-08-28 00:00:00
talosblog
talosblog
The security pitfalls of social media sites offering ID-based authentication
2023-09-28 18:00:11
thn
thn
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
2023-09-28 03:13:00
debiancve
debiancve
CVE-2023-4905
2023-09-12 21:15:08
CVE-2023-4909
2023-09-12 21:15:09
CVE-2023-4907
2023-09-12 21:15:08
cvelist
cvelist
CVE-2023-4906
2023-09-12 20:47:06
CVE-2023-4908
2023-09-12 20:47:07
CVE-2023-4900
2023-09-12 20:47:05
veracode
veracode
Spoofing Attack
2023-10-09 17:25:37
Improper Input Validation
2023-10-09 17:24:27
Improper Input Validation
2023-10-09 17:25:28
mscve
mscve
Chromium: CVE-2023-4907 Inappropriate implementation in Intents
2023-09-15 07:00:00
Chromium: CVE-2023-5186 Use after free in Passwords
2023-09-29 16:25:22
Chromium: CVE-2023-4909 Inappropriate implementation in Interstitials
2023-09-15 07:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.629

Percentile

97.9%

JSON
Related for OPENVAS:136141256231192023998902661003102
fedora6nessus57debian2osv19openvas14freebsd2chrome3mageia1kaspersky8hivepro1redhat22ubuntucve4githubexploit2nvd5mozilla1attackerkb1wizblog1msrc1github3citrix1rocky2f51cve6prion6redhatcve1cnvd5alpinelinux1photon3talosblog1thn1debiancve3cvelist5veracode7mscve3