9.3 - DSA-1988

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	New qt4-x11 packages fix several vulnerabilities

Informations
Name	DSA-1988	First vendor Publication	2010-02-02
Vendor	Debian	Last vendor Modification	2010-02-02
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code.

CVE-2009-1687

The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer.

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs.

CVE-2009-1698

WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1699

The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD.

CVE-2009-1711

WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2009-1712

WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

CVE-2009-1713

The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones.

CVE-2009-1725

WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-2700

qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

The oldstable distribution (etch) is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in version 4.4.3-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 4.5.3-1.

We recommend that you upgrade your qt4-x11 packages.

Original Source

Url : http://www.debian.org/security/2010/dsa-1988

CWE : Common Weakness Enumeration

%	Id	Name
30 %	CWE-399	Resource Management Errors
30 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
10 %	CWE-611	Information Leak Through XML External Entity File Disclosure
10 %	CWE-200	Information Exposure
10 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
10 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10260

Oval ID:	oval:org.mitre.oval:def:10260
Title:	The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
Description:	The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1687	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kdelibs is earlier than 6:3.3.1-14.el4 AND kdelibs-devel is earlier than 6:3.3.1-14.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3 AND kdelibs is earlier than 6:3.5.4-22.el5_3 AND kdelibs-devel is earlier than 6:3.5.4-22.el5_3

Definition Id: oval:org.mitre.oval:def:11009

Oval ID:	oval:org.mitre.oval:def:11009
Title:	Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Description:	Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1690	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kdelibs is earlier than 6:3.3.1-14.el4 AND kdelibs-devel is earlier than 6:3.3.1-14.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3 AND kdelibs is earlier than 6:3.5.4-22.el5_3 AND kdelibs-devel is earlier than 6:3.5.4-22.el5_3

Definition Id: oval:org.mitre.oval:def:11584

Oval ID:	oval:org.mitre.oval:def:11584
Title:	Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
Description:	Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0945	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdegraphics-devel is earlier than 7:3.5.4-13.el5_3 AND kdegraphics is earlier than 7:3.5.4-13.el5_3

Definition Id: oval:org.mitre.oval:def:13113

Oval ID:	oval:org.mitre.oval:def:13113
Title:	USN-836-1 -- webkit vulnerabilities
Description:	It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program
Family:	unix	Class:	patch
Reference(s):	USN-836-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1725 CVE-2009-1712	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 9.04	Product(s):	webkit
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND libwebkit-dev DPKG is earlier than 1.0.1-2ubuntu0.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is i386 AND Packages section libwebkit-1.0-1-dbg DPKG is earlier than 1.0.1-2ubuntu0.2 AND libwebkit-1.0-1 DPKG is earlier than 1.0.1-2ubuntu0.2 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND libwebkit-dev DPKG is earlier than 1.0.1-4ubuntu0.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is i386 AND Packages section libwebkit-1.0-1-dbg DPKG is earlier than 1.0.1-4ubuntu0.1 AND libwebkit-1.0-1 DPKG is earlier than 1.0.1-4ubuntu0.1

Definition Id: oval:org.mitre.oval:def:13176

Oval ID:	oval:org.mitre.oval:def:13176
Title:	DSA-1868-1 kde4libs -- several vulnerabilities
Description:	Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:4.1.0-3+lenny1. The oldstable distribution does not contain kde4libs. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 4:4.3.0-1. We recommend that you upgrade your kde4libs packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1868-1 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	kde4libs
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND kdelibs5-data DPKG is earlier than 4.1.0-3+lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section kdelibs5-dev DPKG is earlier than 4.1.0-3+lenny1 AND kdelibs-bin DPKG is earlier than 4.1.0-3+lenny1 AND kdelibs5-dbg DPKG is earlier than 4.1.0-3+lenny1 AND kdelibs5 DPKG is earlier than 4.1.0-3+lenny1

Definition Id: oval:org.mitre.oval:def:13290

Oval ID:	oval:org.mitre.oval:def:13290
Title:	DSA-1867-1 kdelibs -- several vulnerabilities
Description:	Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2. For the oldstable distribution, these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your kdelibs packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1867-1 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	kdelibs
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc DPKG is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs DPKG is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs-data DPKG is earlier than 3.5.10.dfsg.1-0lenny2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section kdelibs4-dev DPKG is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs4c2a DPKG is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs-dbg DPKG is earlier than 3.5.10.dfsg.1-0lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc DPKG is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs DPKG is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs-data DPKG is earlier than 3.5.5a.dfsg.1-8etch2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section kdelibs4-dev DPKG is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs4c2a DPKG is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs-dbg DPKG is earlier than 3.5.5a.dfsg.1-8etch2

Definition Id: oval:org.mitre.oval:def:13466

Oval ID:	oval:org.mitre.oval:def:13466
Title:	USN-829-1 -- qt4-x11 vulnerability
Description:	It was discovered that Qt did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications
Family:	unix	Class:	patch
Reference(s):	USN-829-1 CVE-2009-2700	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04	Product(s):	qt4-x11
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc DPKG is earlier than 4.4.3-0ubuntu1.3 AND qt4-doc-html DPKG is earlier than 4.4.3-0ubuntu1.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libqtgui4 DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-core DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-designer DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-webkit DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql-sqlite2 DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-svg DPKG is earlier than 4.4.3-0ubuntu1.3 AND qt4-qtconfig DPKG is earlier than 4.4.3-0ubuntu1.3 AND qt4-designer DPKG is earlier than 4.4.3-0ubuntu1.3 AND qt4-demos DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-gui DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-xmlpatterns DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-dbus DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql-odbc DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-script DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-xml DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-network DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql-sqlite DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-assistant DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-dev DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-xmlpatterns-dbg DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-qt3support DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql-mysql DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-test DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-opengl-dev DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-webkit-dbg DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-opengl DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-help DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-dbg DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqtcore4 DPKG is earlier than 4.4.3-0ubuntu1.3 AND qt4-dev-tools DPKG is earlier than 4.4.3-0ubuntu1.3 AND libqt4-sql-psql DPKG is earlier than 4.4.3-0ubuntu1.3 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND qt4-doc DPKG is earlier than 4.3.4-0ubuntu3.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section qt4-dev-tools DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-core DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-debug DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-dev DPKG is earlier than 4.3.4-0ubuntu3.1 AND qt4-qtconfig DPKG is earlier than 4.3.4-0ubuntu3.1 AND qt4-designer DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-gui DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-qt3support DPKG is earlier than 4.3.4-0ubuntu3.1 AND libqt4-sql DPKG is earlier than 4.3.4-0ubuntu3.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-doc-html DPKG is earlier than 4.5.0-0ubuntu4.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libqtgui4 DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-core DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-designer DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-demos-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-webkit DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql-sqlite2 DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-svg DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-dev-tools-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-qtconfig DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-designer DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-demos DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-gui DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-xmlpatterns DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-dbus DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql-odbc DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-script DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-xml DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-network DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql-sqlite DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-assistant DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-dev DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-qmake DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-xmlpatterns-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-qt3support DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql-mysql DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-test DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-opengl-dev DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-webkit-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-opengl DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-help DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-dev-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-dbg DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqtcore4 DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-scripttools DPKG is earlier than 4.5.0-0ubuntu4.2 AND qt4-dev-tools DPKG is earlier than 4.5.0-0ubuntu4.2 AND libqt4-sql-psql DPKG is earlier than 4.5.0-0ubuntu4.2

Definition Id: oval:org.mitre.oval:def:13862

Oval ID:	oval:org.mitre.oval:def:13862
Title:	USN-822-1 -- kde4libs, kdelibs vulnerabilities
Description:	It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family:	unix	Class:	patch
Reference(s):	USN-822-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04	Product(s):	kde4libs kdelibs
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc DPKG is earlier than 4:3.5.10-0ubuntu6.1 AND kdelibs DPKG is earlier than 4:3.5.10-0ubuntu6.1 AND kdelibs-data DPKG is earlier than 4:3.5.10-0ubuntu6.1 AND kdelibs5-data DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 AND kdelibs5-doc DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section kdelibs4c2a DPKG is earlier than 4:3.5.10-0ubuntu6.1 AND kdelibs-bin DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 AND kdelibs4-dev DPKG is earlier than 4:3.5.10-0ubuntu6.1 AND kdelibs5-dev DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 AND kdelibs5-dbg DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 AND kdelibs5 DPKG is earlier than 4:4.1.4-0ubuntu1~intrepid1.2 AND kdelibs-dbg DPKG is earlier than 4:3.5.10-0ubuntu6.1 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 AND kdelibs DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 AND kdelibs-data DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section kdelibs4-dev DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 AND kdelibs4c2a DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 AND kdelibs-dbg DPKG is earlier than 4:3.5.10-0ubuntu1~hardy1.2 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs DPKG is earlier than 4:3.5.10.dfsg.1-1ubuntu8.1 AND kdelibs-data DPKG is earlier than 4:3.5.10.dfsg.1-1ubuntu8.1 AND kdelibs5-data DPKG is earlier than 4:4.2.2-0ubuntu5.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section kdelibs4c2a DPKG is earlier than 4:3.5.10.dfsg.1-1ubuntu8.1 AND kdelibs5-dev DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND kdelibs4-dev DPKG is earlier than 4:3.5.10.dfsg.1-1ubuntu8.1 AND libplasma3 DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND kdelibs5-dbg DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND kdelibs5 DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND libplasma-dev DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND kdelibs-bin DPKG is earlier than 4:4.2.2-0ubuntu5.1 AND kdelibs-dbg DPKG is earlier than 4:3.5.10.dfsg.1-1ubuntu8.1

Definition Id: oval:org.mitre.oval:def:13946

Oval ID:	oval:org.mitre.oval:def:13946
Title:	USN-857-1 -- qt4-x11 vulnerabilities
Description:	It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program
Family:	unix	Class:	patch
Reference(s):	USN-857-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1725 CVE-2009-1699 CVE-2009-1713 CVE-2009-1712	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 9.04	Product(s):	qt4-x11
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc DPKG is earlier than 4.4.3-0ubuntu1.4 AND qt4-doc-html DPKG is earlier than 4.4.3-0ubuntu1.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libqtgui4 DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-core DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-designer DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-webkit DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql-sqlite2 DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-svg DPKG is earlier than 4.4.3-0ubuntu1.4 AND qt4-qtconfig DPKG is earlier than 4.4.3-0ubuntu1.4 AND qt4-designer DPKG is earlier than 4.4.3-0ubuntu1.4 AND qt4-demos DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-gui DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-xmlpatterns DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-dbus DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql-odbc DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-script DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-xml DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-network DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql-sqlite DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-assistant DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-dev DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-xmlpatterns-dbg DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-qt3support DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql-mysql DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-test DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-opengl-dev DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-webkit-dbg DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-opengl DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-help DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-dbg DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqtcore4 DPKG is earlier than 4.4.3-0ubuntu1.4 AND qt4-dev-tools DPKG is earlier than 4.4.3-0ubuntu1.4 AND libqt4-sql-psql DPKG is earlier than 4.4.3-0ubuntu1.4 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-doc-html DPKG is earlier than 4.5.0-0ubuntu4.3 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libqtgui4 DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-core DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-designer DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-demos-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-webkit DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql-sqlite2 DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-svg DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-dev-tools-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-qtconfig DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-designer DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-demos DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-gui DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-xmlpatterns DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-dbus DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql-odbc DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-script DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-xml DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-network DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql-sqlite DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-assistant DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-dev DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-qmake DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-xmlpatterns-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-qt3support DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql-mysql DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-test DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-opengl-dev DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-webkit-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-opengl DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-help DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-dev-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-dbg DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqtcore4 DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-scripttools DPKG is earlier than 4.5.0-0ubuntu4.3 AND qt4-dev-tools DPKG is earlier than 4.5.0-0ubuntu4.3 AND libqt4-sql-psql DPKG is earlier than 4.5.0-0ubuntu4.3

Definition Id: oval:org.mitre.oval:def:19394

Oval ID:	oval:org.mitre.oval:def:19394
Title:	DSA-1988-1 qt4-x11 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
Family:	unix	Class:	patch
Reference(s):	DSA-1988-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	qt4-x11
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND qt4-x11 DPKG is earlier than 0:4.4.3-1+lenny1

Definition Id: oval:org.mitre.oval:def:22057

Oval ID:	oval:org.mitre.oval:def:22057
Title:	ELSA-2009:1127: kdelibs security update (Critical)
Description:	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1127-01 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	kdelibs
Definition Synopsis:
Oracle Linux 5.x rpm test kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3 AND kdelibs is earlier than 6:3.5.4-22.el5_3 AND kdelibs-devel is earlier than 6:3.5.4-22.el5_3

Definition Id: oval:org.mitre.oval:def:29301

Oval ID:	oval:org.mitre.oval:def:29301
Title:	RHSA-2009:1127 -- kdelibs security update (Critical)
Description:	Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE).
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1127 CESA-2009:1127-CentOS 5 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	kdelibs
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section kdelibs-devel is earlier than 6:3.5.4-22.el5_3 AND kdelibs is earlier than 6:3.5.4-22.el5_3 AND kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section kdelibs is earlier than 6:3.3.1-14.el4 AND kdelibs-devel is earlier than 6:3.3.1-14.el4 AND CentOS Linux 5 release section The operating system installed on the system is CentOS Linux 5.x Packages match section kdelibs is earlier than 6:3.5.4-22.el5.centos AND kdelibs-apidocs is earlier than 6:3.5.4-22.el5.centos AND kdelibs-devel is earlier than 6:3.5.4-22.el5.centos

Definition Id: oval:org.mitre.oval:def:5777

Oval ID:	oval:org.mitre.oval:def:5777
Title:	Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.
Description:	WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1725	Version:	9
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	Apple Safari
Definition Synopsis:
Apple Safari is installed AND Safari.exe version is less than 4.530.19.1 (4.0.2)

Definition Id: oval:org.mitre.oval:def:6923

Oval ID:	oval:org.mitre.oval:def:6923
Title:	DSA-1988 qt4-x11 -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems: Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that triggers write access to an "offset of a NULL pointer. Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. WebKit in qt4-x11 does not initialise a pointer during handling of a Cascading Style Sheets attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. WebKit in qt4-x11 does not properly initialise memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. qt4-x11 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution is not affected by these problems.
Family:	unix	Class:	patch
Reference(s):	DSA-1988 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	qt4-x11
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section qt4-doc is earlier than 4.4.3-1+lenny1 AND qt4-doc-html is earlier than 4.4.3-1+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libqtgui4 is earlier than 4.4.3-1+lenny1 AND qt4-dev-tools is earlier than 4.4.3-1+lenny1 AND libqt4-designer is earlier than 4.4.3-1+lenny1 AND libqt4-core is earlier than 4.4.3-1+lenny1 AND libqt4-webkit is earlier than 4.4.3-1+lenny1 AND libqt4-sql-sqlite2 is earlier than 4.4.3-1+lenny1 AND libqt4-svg is earlier than 4.4.3-1+lenny1 AND libqtcore4 is earlier than 4.4.3-1+lenny1 AND qt4-designer is earlier than 4.4.3-1+lenny1 AND qt4-demos is earlier than 4.4.3-1+lenny1 AND libqt4-gui is earlier than 4.4.3-1+lenny1 AND libqt4-help is earlier than 4.4.3-1+lenny1 AND libqt4-dbus is earlier than 4.4.3-1+lenny1 AND libqt4-sql-odbc is earlier than 4.4.3-1+lenny1 AND libqt4-script is earlier than 4.4.3-1+lenny1 AND libqt4-xml is earlier than 4.4.3-1+lenny1 AND libqt4-network is earlier than 4.4.3-1+lenny1 AND libqt4-opengl is earlier than 4.4.3-1+lenny1 AND libqt4-assistant is earlier than 4.4.3-1+lenny1 AND libqt4-dev is earlier than 4.4.3-1+lenny1 AND qt4-qmake is earlier than 4.4.3-1+lenny1 AND libqt4-xmlpatterns-dbg is earlier than 4.4.3-1+lenny1 AND libqt4-qt3support is earlier than 4.4.3-1+lenny1 AND libqt4-sql-mysql is earlier than 4.4.3-1+lenny1 AND libqt4-test is earlier than 4.4.3-1+lenny1 AND libqt4-opengl-dev is earlier than 4.4.3-1+lenny1 AND libqt4-webkit-dbg is earlier than 4.4.3-1+lenny1 AND libqt4-sql-sqlite is earlier than 4.4.3-1+lenny1 AND libqt4-sql is earlier than 4.4.3-1+lenny1 AND libqt4-xmlpatterns is earlier than 4.4.3-1+lenny1 AND libqt4-dbg is earlier than 4.4.3-1+lenny1 AND qt4-qtconfig is earlier than 4.4.3-1+lenny1 AND libqt4-sql-psql is earlier than 4.4.3-1+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is powerpc AND libqt4-sql-ibase is earlier than 4.4.3-1+lenny1

Definition Id: oval:org.mitre.oval:def:7524

Oval ID:	oval:org.mitre.oval:def:7524
Title:	DSA-1868 kde4libs -- several vulnerabilities
Description:	Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. The oldstable distribution (etch) does not contain kde4libs.
Family:	unix	Class:	patch
Reference(s):	DSA-1868 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687	Version:	3
Platform(s):	Debian GNU/Linux 5.0	Product(s):	kde4libs
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND kdelibs5-data is earlier than 4.1.0-3+lenny1 AND kdelibs5-dev is earlier than 4.1.0-3+lenny1 AND kdelibs-bin is earlier than 4.1.0-3+lenny1 AND kdelibs5-dbg is earlier than 4.1.0-3+lenny1 AND kdelibs5 is earlier than 4.1.0-3+lenny1

Definition Id: oval:org.mitre.oval:def:8086

Oval ID:	oval:org.mitre.oval:def:8086
Title:	DSA-1867 kdelibs -- several vulnerabilities
Description:	Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
Family:	unix	Class:	patch
Reference(s):	DSA-1867 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	kdelibs
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs-data is earlier than 3.5.10.dfsg.1-0lenny2 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section kdelibs4-dev is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs4c2a is earlier than 3.5.10.dfsg.1-0lenny2 AND kdelibs-dbg is earlier than 3.5.10.dfsg.1-0lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section kdelibs4-doc is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs-data is earlier than 3.5.5a.dfsg.1-8etch2 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section kdelibs4-dev is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs4c2a is earlier than 3.5.5a.dfsg.1-8etch2 AND kdelibs-dbg is earlier than 3.5.5a.dfsg.1-8etch2

Definition Id: oval:org.mitre.oval:def:9484

Oval ID:	oval:org.mitre.oval:def:9484
Title:	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Description:	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1698	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kdelibs is earlier than 6:3.1.3-6.13 AND kdelibs-devel is earlier than 6:3.1.3-6.13 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kdelibs is earlier than 6:3.3.1-14.el4 AND kdelibs-devel is earlier than 6:3.3.1-14.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3 AND kdelibs is earlier than 6:3.5.4-22.el5_3 AND kdelibs-devel is earlier than 6:3.5.4-22.el5_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apple Safari cpe:2.3:a:apple:safari:4beta:::::::* cpe:2.3:a:apple:safari:4.0.1:::::::* cpe:2.3:a:apple:safari:4.0.1:-:mac:::::* cpe:2.3:a:apple:safari:4.0.0b:::::::* cpe:2.3:a:apple:safari:4.0.0b:-:mac:::::* cpe:2.3:a:apple:safari:4.0_beta::mac::::: cpe:2.3:a:apple:safari:4.0_beta:-:mac:::::* cpe:2.3:a:apple:safari:4.0_beta:528.16:::::: cpe:2.3:a:apple:safari:4.0:::::::* cpe:2.3:a:apple:safari:4.0:beta:::::: cpe:2.3:a:apple:safari:4.0:-:mac:::::* cpe:2.3:a:apple:safari:4:beta:windows:::::* cpe:2.3:a:apple:safari:3.2.3::windows::::: cpe:2.3:a:apple:safari:3.2.3::mac::::: cpe:2.3:a:apple:safari:3.2.3:-:windows:::::* cpe:2.3:a:apple:safari:3.2.3:-:mac:::::* cpe:2.3:a:apple:safari:3.2.3:::::::* cpe:2.3:a:apple:safari:3.2.2b:-:windows:::::* cpe:2.3:a:apple:safari:3.2.2:::::::* cpe:2.3:a:apple:safari:3.2.2:-:windows:::::* cpe:2.3:a:apple:safari:3.2.2::windows::::: cpe:2.3:a:apple:safari:3.2.1b:-:windows:::::* cpe:2.3:a:apple:safari:3.2.1:::::::* cpe:2.3:a:apple:safari:3.2.1::mac::::: cpe:2.3:a:apple:safari:3.2.1::windows::::: cpe:2.3:a:apple:safari:3.2.1:-:mac:::::* cpe:2.3:a:apple:safari:3.2.1:-:windows:::::* cpe:2.3:a:apple:safari:3.2.0b:-:windows:::::* cpe:2.3:a:apple:safari:3.2.0:::::::* cpe:2.3:a:apple:safari:3.2:::::::* cpe:2.3:a:apple:safari:3.2:-:windows:::::* cpe:2.3:a:apple:safari:3.2::windows::::: cpe:2.3:a:apple:safari:3.2:-:mac:::::* cpe:2.3:a:apple:safari:3.1.2b:-:windows:::::* cpe:2.3:a:apple:safari:3.1.2:::::::* cpe:2.3:a:apple:safari:3.1.2::mac::::: cpe:2.3:a:apple:safari:3.1.2::windows::::: cpe:2.3:a:apple:safari:3.1.2:-:mac:::::* cpe:2.3:a:apple:safari:3.1.2:-:windows:::::* cpe:2.3:a:apple:safari:3.1.1b:-:windows:::::* cpe:2.3:a:apple:safari:3.1.1:::::::* cpe:2.3:a:apple:safari:3.1.1::windows::::: cpe:2.3:a:apple:safari:3.1.1::mac::::: cpe:2.3:a:apple:safari:3.1.1:-:windows:::::* cpe:2.3:a:apple:safari:3.1.1:-:mac:::::* cpe:2.3:a:apple:safari:3.1.0b:::::::* cpe:2.3:a:apple:safari:3.1.0b:-:windows:::::* cpe:2.3:a:apple:safari:3.1.0:::::::* cpe:2.3:a:apple:safari:3.1.0:-:mac:::::* cpe:2.3:a:apple:safari:3.1:::::::* cpe:2.3:a:apple:safari:3.1::windows::::: cpe:2.3:a:apple:safari:3.1::mac::::: cpe:2.3:a:apple:safari:3.1:-:mac:::::* cpe:2.3:a:apple:safari:3.1:-:windows:::::* cpe:2.3:a:apple:safari:3.0.4b:::::::* cpe:2.3:a:apple:safari:3.0.4b:-:windows:::::* cpe:2.3:a:apple:safari:3.0.4_beta:::::::* cpe:2.3:a:apple:safari:3.0.4_beta::windows::::: cpe:2.3:a:apple:safari:3.0.4_beta::~~~windows~~::::: cpe:2.3:a:apple:safari:3.0.4:::::::* cpe:2.3:a:apple:safari:3.0.4:-:mac:::::* cpe:2.3:a:apple:safari:3.0.4::windows::::: cpe:2.3:a:apple:safari:3.0.4::mac::::: cpe:2.3:a:apple:safari:3.0.4:-:windows:::::* cpe:2.3:a:apple:safari:3.0.3b:::::::* cpe:2.3:a:apple:safari:3.0.3b:-:windows:::::* cpe:2.3:a:apple:safari:3.0.3:::::::* cpe:2.3:a:apple:safari:3.0.3:-:mac:::::* cpe:2.3:a:apple:safari:3.0.3::windows::::: cpe:2.3:a:apple:safari:3.0.3::mac::::: cpe:2.3:a:apple:safari:3.0.3:-:windows:::::* cpe:2.3:a:apple:safari:3.0.3:522.15.5:::::: cpe:2.3:a:apple:safari:3.0.3::~~~windows~~::::: cpe:2.3:a:apple:safari:3.0.2b:::::::* cpe:2.3:a:apple:safari:3.0.2b:-:windows:::::* cpe:2.3:a:apple:safari:3.0.2:::::::* cpe:2.3:a:apple:safari:3.0.2:-:mac:::::* cpe:2.3:a:apple:safari:3.0.2::windows::::: cpe:2.3:a:apple:safari:3.0.2:-:windows:::::* cpe:2.3:a:apple:safari:3.0.2::~~~windows~~::::: cpe:2.3:a:apple:safari:3.0.1b:::::::* cpe:2.3:a:apple:safari:3.0.1b:-:windows:::::* cpe:2.3:a:apple:safari:3.0.1:::::::* cpe:2.3:a:apple:safari:3.0.1:beta:::::: cpe:2.3:a:apple:safari:3.0.1:-:mac:::::* cpe:2.3:a:apple:safari:3.0.1::windows::::: cpe:2.3:a:apple:safari:3.0.1:-:windows:::::* cpe:2.3:a:apple:safari:3.0.1::~~~windows~~::::: cpe:2.3:a:apple:safari:3.0.0b:::::::* cpe:2.3:a:apple:safari:3.0.0b:-:windows:::::* cpe:2.3:a:apple:safari:3.0.0:::::::* cpe:2.3:a:apple:safari:3.0.0:-:mac:::::* cpe:2.3:a:apple:safari:3.0:::::::* cpe:2.3:a:apple:safari:3.0::windows::::: cpe:2.3:a:apple:safari:3.0::mac::::: cpe:2.3:a:apple:safari:3.0:-:windows:::::* cpe:2.3:a:apple:safari:3.0:-:mac:::::* cpe:2.3:a:apple:safari:3.0::~~~windows~~::::: cpe:2.3:a:apple:safari:3:::::::* cpe:2.3:a:apple:safari:2.0.4_419.3:::::::* cpe:2.3:a:apple:safari:2.0.4:::::::* cpe:2.3:a:apple:safari:2.0.4:-:mac:::::* cpe:2.3:a:apple:safari:2.0.4::mac::::: cpe:2.3:a:apple:safari:2.0.3_417.9.3:::::::* cpe:2.3:a:apple:safari:2.0.3_417.9.3::mac_os_x_10.4.6::::: cpe:2.3:a:apple:safari:2.0.3:417.9:::::: cpe:2.3:a:apple:safari:2.0.3:417.9.2:::::: cpe:2.3:a:apple:safari:2.0.3:417.9.3:::::: cpe:2.3:a:apple:safari:2.0.3:417.8:::::: cpe:2.3:a:apple:safari:2.0.3:::::::* cpe:2.3:a:apple:safari:2.0.3:-:mac:::::* cpe:2.3:a:apple:safari:2.0.2:::::::* cpe:2.3:a:apple:safari:2.0.2::mac::::: cpe:2.3:a:apple:safari:2.0.2:-:mac:::::* cpe:2.3:a:apple:safari:2.0.1:::::::* cpe:2.3:a:apple:safari:2.0.1:-:mac:::::* cpe:2.3:a:apple:safari:2.0.0:::::::* cpe:2.3:a:apple:safari:2.0.0:-:mac:::::* cpe:2.3:a:apple:safari:2.0_pre:::::::* cpe:2.3:a:apple:safari:2.0:::::::* cpe:2.3:a:apple:safari:2.0::mac::::: cpe:2.3:a:apple:safari:2.0:-:mac:::::* cpe:2.3:a:apple:safari:2:::::::* cpe:2.3:a:apple:safari:1.3.2:::::::* cpe:2.3:a:apple:safari:1.3.2:312.6:::::: cpe:2.3:a:apple:safari:1.3.2:312.5:::::: cpe:2.3:a:apple:safari:1.3.2::mac::::: cpe:2.3:a:apple:safari:1.3.2:-:mac:::::* cpe:2.3:a:apple:safari:1.3.1:::::::* cpe:2.3:a:apple:safari:1.3.1::mac::::: cpe:2.3:a:apple:safari:1.3.1:-:mac:::::* cpe:2.3:a:apple:safari:1.3.0:::::::* cpe:2.3:a:apple:safari:1.3:::::::* cpe:2.3:a:apple:safari:1.3::mac::::: cpe:2.3:a:apple:safari:1.3:-:mac:::::* cpe:2.3:a:apple:safari:1.2.5:::::::* cpe:2.3:a:apple:safari:1.2.5:-:mac:::::* cpe:2.3:a:apple:safari:1.2.4:::::::* cpe:2.3:a:apple:safari:1.2.4:-:mac:::::* cpe:2.3:a:apple:safari:1.2.3:::::::* cpe:2.3:a:apple:safari:1.2.3:-:mac:::::* cpe:2.3:a:apple:safari:1.2.2:::::::* cpe:2.3:a:apple:safari:1.2.2:-:mac:::::* cpe:2.3:a:apple:safari:1.2.1:::::::* cpe:2.3:a:apple:safari:1.2.1:-:mac:::::* cpe:2.3:a:apple:safari:1.2.0:::::::* cpe:2.3:a:apple:safari:1.2.0:-:mac:::::* cpe:2.3:a:apple:safari:1.2:::::::* cpe:2.3:a:apple:safari:1.2::mac::::: cpe:2.3:a:apple:safari:1.2:-:mac:::::* cpe:2.3:a:apple:safari:1.1.1:::::::* cpe:2.3:a:apple:safari:1.1.0:::::::* cpe:2.3:a:apple:safari:1.1:::::::* cpe:2.3:a:apple:safari:1.1::mac::::: cpe:2.3:a:apple:safari:1.1:-:mac:::::* cpe:2.3:a:apple:safari:1.0b1:-:mac:::::* cpe:2.3:a:apple:safari:1.0.3:::::::* cpe:2.3:a:apple:safari:1.0.3:85.8.1:::::: cpe:2.3:a:apple:safari:1.0.3:85.8:::::: cpe:2.3:a:apple:safari:1.0.3::mac::::: cpe:2.3:a:apple:safari:1.0.3:-:mac:::::* cpe:2.3:a:apple:safari:1.0.2:::::::* cpe:2.3:a:apple:safari:1.0.1:::::::* cpe:2.3:a:apple:safari:1.0.0b2:::::::* cpe:2.3:a:apple:safari:1.0.0b1:::::::* cpe:2.3:a:apple:safari:1.0.0:::::::* cpe:2.3:a:apple:safari:1.0.0:-:mac:::::* cpe:2.3:a:apple:safari:1.0:beta:::::: cpe:2.3:a:apple:safari:1.0:::::::* cpe:2.3:a:apple:safari:1.0:beta2:::::: cpe:2.3:a:apple:safari:1.0::mac::::: cpe:2.3:a:apple:safari:1.0:-:mac:::::* cpe:2.3:a:apple:safari:0.9:::::::* cpe:2.3:a:apple:safari:0.9::mac::::: cpe:2.3:a:apple:safari:0.9:-:mac:::::* cpe:2.3:a:apple:safari:0.8:::::::* cpe:2.3:a:apple:safari:0.8::mac::::: cpe:2.3:a:apple:safari:0.8:-:mac:::::* cpe:2.3:a:apple:safari:beta2:::::::* cpe:2.3:a:apple:safari:::::::: cpe:2.3:a:apple:safari:::windows:::::* cpe:2.3:a:apple:safari:-:::::::*	182
Application	Google Chrome cpe:2.3:a:google:chrome:1.0.154.53:::::::*	1
Application	Qt cpe:2.3:a:qt:qt:4.8.4:::::::* cpe:2.3:a:qt:qt:4.8.3:::::::* cpe:2.3:a:qt:qt:4.8.2:::::::* cpe:2.3:a:qt:qt:4.8.1:::::::* cpe:2.3:a:qt:qt:4.8.0:::::::* cpe:2.3:a:qt:qt:4.7.5:::::::* cpe:2.3:a:qt:qt:4.7.4:::::::* cpe:2.3:a:qt:qt:4.7.3:::::::* cpe:2.3:a:qt:qt:4.7.2:::::::* cpe:2.3:a:qt:qt:4.7.1:::::::* cpe:2.3:a:qt:qt:4.7.0:::::::* cpe:2.3:a:qt:qt:4.6.4:::::::* cpe:2.3:a:qt:qt:4.6.3:::::::* cpe:2.3:a:qt:qt:4.6.2:::::::* cpe:2.3:a:qt:qt:4.6.1:::::::* cpe:2.3:a:qt:qt:4.6.0:::::::* cpe:2.3:a:qt:qt:4.6.0:rc1:::::: cpe:2.3:a:qt:qt:4.5.3:::::::* cpe:2.3:a:qt:qt:4.5.2:::::::* cpe:2.3:a:qt:qt:4.5.1:::::::* cpe:2.3:a:qt:qt:4.5.0:::::::* cpe:2.3:a:qt:qt:4.4.3:::::::* cpe:2.3:a:qt:qt:4.4.2:::::::* cpe:2.3:a:qt:qt:4.4.1:::::::* cpe:2.3:a:qt:qt:4.4.0:::::::* cpe:2.3:a:qt:qt:4.3.5:::::::* cpe:2.3:a:qt:qt:4.3.4:::::::* cpe:2.3:a:qt:qt:4.3.3:::::::* cpe:2.3:a:qt:qt:4.3.2:::::::* cpe:2.3:a:qt:qt:4.3.1:::::::* cpe:2.3:a:qt:qt:4.3.0:::::::* cpe:2.3:a:qt:qt:4.2.3:::::::* cpe:2.3:a:qt:qt:4.2.1:::::::* cpe:2.3:a:qt:qt:4.2.0:::::::* cpe:2.3:a:qt:qt:4.1.5:::::::* cpe:2.3:a:qt:qt:4.1.4:::::::* cpe:2.3:a:qt:qt:4.1.3:::::::* cpe:2.3:a:qt:qt:4.1.2:::::::* cpe:2.3:a:qt:qt:4.1.1:::::::* cpe:2.3:a:qt:qt:4.1.0:::::::* cpe:2.3:a:qt:qt:4.0.1:::::::* cpe:2.3:a:qt:qt:4.0.0:::::::*	42
Os	Apple Iphone Os cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.2.1:::::::* cpe:2.3:o:apple:iphone_os:2.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.2:::::::* cpe:2.3:o:apple:iphone_os:2.1.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:::::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:::::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:::::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:::::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:::::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:::::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.1:::::::* cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.0:::::::* cpe:2.3:o:apple:iphone_os:1.0:::::::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:iphone_os:::~~~~ipad2~:::::* cpe:2.3:o:apple:iphone_os:::~~~~iphone~:::::* cpe:2.3:o:apple:iphone_os:::~~~~ipodtouch~:::::* cpe:2.3:o:apple:iphone_os::::::ipod_touch::* cpe:2.3:o:apple:iphone_os:::::::ipad2:* cpe:2.3:o:apple:iphone_os:::::::iphone:* cpe:2.3:o:apple:iphone_os:::::::ipodtouch:* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:apple:iphone_os:-::~~~~ipad2~::::: cpe:2.3:o:apple:iphone_os:-::~~~~iphone~::::: cpe:2.3:o:apple:iphone_os:-::~~~~ipodtouch~::::: cpe:2.3:o:apple:iphone_os:-::::::ipad2: cpe:2.3:o:apple:iphone_os:-::::::iphone: cpe:2.3:o:apple:iphone_os:-::::::ipodtouch:	59
Os	Apple Safari cpe:2.3:o:apple:safari::::::::	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*	2
Os	Opensuse cpe:2.3:o:opensuse:opensuse:11.3:::::::* cpe:2.3:o:opensuse:opensuse:11.2:::::::*	2

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for kdegraphics CESA-2009:1130 centos5 i386 File : nvt/gb_CESA-2009_1130_kdegraphics_centos5_i386.nasl
2011-08-09	Name : CentOS Update for kdelibs CESA-2009:1128 centos3 i386 File : nvt/gb_CESA-2009_1128_kdelibs_centos3_i386.nasl
2011-08-09	Name : CentOS Update for kdelibs CESA-2009:1127 centos5 i386 File : nvt/gb_CESA-2009_1127_kdelibs_centos5_i386.nasl
2010-05-28	Name : Fedora Update for kdelibs FEDORA-2010-8547 File : nvt/gb_fedora_2010_8547_kdelibs_fc11.nasl
2010-05-17	Name : Fedora Update for qt FEDORA-2010-8379 File : nvt/gb_fedora_2010_8379_qt_fc11.nasl
2010-05-12	Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-04-19	Name : Fedora Update for kdelibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl
2010-01-29	Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2009-12-14	Name : Mandriva Security Advisory MDVSA-2009:331 (kdegraphics) File : nvt/mdksa_2009_331.nasl
2009-12-14	Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs) File : nvt/mdksa_2009_330.nasl
2009-11-17	Name : SLES10: Security update for Qt3 File : nvt/sles10_dbus-1-qt.nasl
2009-11-17	Name : SLES11: Security update for libqt4 File : nvt/sles11_libqt4.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-11-17	Name : Fedora Core 10 FEDORA-2009-11488 (qt) File : nvt/fcore_2009_11488.nasl
2009-11-17	Name : Fedora Core 11 FEDORA-2009-11491 (qt) File : nvt/fcore_2009_11491.nasl
2009-11-11	Name : Ubuntu USN-857-1 (qt4-x11) File : nvt/ubuntu_857_1.nasl
2009-09-28	Name : Ubuntu USN-836-1 (webkit) File : nvt/ubuntu_836_1.nasl
2009-09-15	Name : Fedora Core 11 FEDORA-2009-9391 (kdelibs3) File : nvt/fcore_2009_9391.nasl
2009-09-15	Name : Fedora Core 10 FEDORA-2009-9400 (kdelibs3) File : nvt/fcore_2009_9400.nasl
2009-09-15	Name : Ubuntu USN-829-1 (qt4-x11) File : nvt/ubuntu_829_1.nasl
2009-09-15	Name : Mandrake Security Advisory MDVSA-2009:225 (qt4) File : nvt/mdksa_2009_225.nasl
2009-09-09	Name : Fedora Core 11 FEDORA-2009-9231 (qt) File : nvt/fcore_2009_9231.nasl
2009-09-09	Name : Fedora Core 10 FEDORA-2009-9232 (qt) File : nvt/fcore_2009_9232.nasl
2009-09-02	Name : Fedora Core 10 FEDORA-2009-8802 (qt) File : nvt/fcore_2009_8802.nasl
2009-09-02	Name : Fedora Core 11 FEDORA-2009-8800 (qt) File : nvt/fcore_2009_8800.nasl
2009-09-02	Name : Ubuntu USN-823-1 (kdegraphics) File : nvt/ubuntu_823_1.nasl
2009-09-02	Name : Ubuntu USN-822-1 (kdelibs) File : nvt/ubuntu_822_1.nasl
2009-09-02	Name : Debian Security Advisory DSA 1866-1 (kdegraphics) File : nvt/deb_1866_1.nasl
2009-09-02	Name : Debian Security Advisory DSA 1867-1 (kdelibs) File : nvt/deb_1867_1.nasl
2009-09-02	Name : Debian Security Advisory DSA 1868-1 (kde4libs) File : nvt/deb_1868_1.nasl
2009-07-29	Name : Fedora Core 11 FEDORA-2009-8046 (kdelibs3) File : nvt/fcore_2009_8046.nasl
2009-07-29	Name : Fedora Core 11 FEDORA-2009-6166 (webkitgtk) File : nvt/fcore_2009_6166.nasl
2009-07-29	Name : Fedora Core 10 FEDORA-2009-8020 (kdelibs3) File : nvt/fcore_2009_8020.nasl
2009-07-29	Name : Fedora Core 11 FEDORA-2009-8039 (kdelibs) File : nvt/fcore_2009_8039.nasl
2009-07-29	Name : Fedora Core 10 FEDORA-2009-8049 (kdelibs) File : nvt/fcore_2009_8049.nasl
2009-07-12	Name : Apple Safari DoS or XSS Vulnerability - July09 File : nvt/gb_apple_safari_dos_n_xss_vuln_jul09.nasl
2009-06-30	Name : CentOS Security Advisory CESA-2009:1130 (kdegraphics) File : nvt/ovcesa2009_1130.nasl
2009-06-30	Name : CentOS Security Advisory CESA-2009:1128 (kdelibs) File : nvt/ovcesa2009_1128.nasl
2009-06-30	Name : CentOS Security Advisory CESA-2009:1127 (kdelibs) File : nvt/ovcesa2009_1127.nasl
2009-06-30	Name : RedHat Security Advisory RHSA-2009:1127 File : nvt/RHSA_2009_1127.nasl
2009-06-30	Name : RedHat Security Advisory RHSA-2009:1130 File : nvt/RHSA_2009_1130.nasl
2009-06-30	Name : RedHat Security Advisory RHSA-2009:1128 File : nvt/RHSA_2009_1128.nasl
2009-06-16	Name : Apple Safari Multiple Vulnerabilities June-09 (Win) - II File : nvt/gb_apple_safari_mult_vuln_jun09_2.nasl
2009-06-16	Name : Apple Safari Multiple Vulnerabilities June-09 (Win) - I File : nvt/gb_apple_safari_mult_vuln_jun09_1.nasl
2009-06-05	Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
57633	Qt X.509 Certificate Authority (CA) Subject Alternative Name Null Byte Handli...
55739	Apple Safari WebKit Numeric Character References Handling Memory Corruption
55418	KDE Konqueror WebKit JavaScript Garbage Collector Allocation Failure NULL Poi...
55417	KDE Konqueror WebKit CSS attr Function Uninitialized Pointer Issue Arbitrary ...
55416	KDE Konqueror WebKit head HTML Tag Handling DoS
55414	KDE Konqueror WebKit DOM Error Event Recursion Handling Memory Corruption
55042	Google Chrome WebKit HTML Error Handling Use After Free Memory Corruption
55022	Apple Safari WebKit Arbitrary Local Java Applet Access
55015	Apple Safari WebKit Attr DOM Object Handling Arbitrary Code Execution
55006	Apple iPhone / Safari WebKit CSS attr() Function Uninitialized Pointer Issue ...
54990	Apple Safari WebKit DOM Error Event Recursion Handling Memory Corruption
54985	Apple Safari WebKit JavaScript Garbage Collector Allocation Failure NULL Poin...
54975	Apple Safari WebKit XSLT document() Function Information Disclosure
54972	Apple Safari WebKit XML External Entity Handling Arbitrary File Disclosure
54500	Google Chrome WebKit SVGList Object Handling Memory Corruption
54455	Apple Safari WebKit SVGList Object Handling Memory Corruption

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1128.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1127.nasl - Type : ACT_GATHER_INFO
2013-03-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-823-1.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdegraphics_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdelibs_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdelibs3-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdelibs4-101103.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO
2010-12-10	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-7235.nasl - Type : ACT_GATHER_INFO
2010-12-09	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs3-101103.nasl - Type : ACT_GATHER_INFO
2010-12-09	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdelibs3-7217.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dbus-1-qt-6645.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1866.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1988.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1950.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1868.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1867.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1127.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1130.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO
2009-11-13	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libqt4-091106.nasl - Type : ACT_GATHER_INFO
2009-11-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_dbus-1-qt-6644.nasl - Type : ACT_GATHER_INFO
2009-11-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libqt4-091106.nasl - Type : ACT_GATHER_INFO
2009-11-13	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libqt4-091106.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-857-1.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-836-1.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-829-1.nasl - Type : ACT_GATHER_INFO
2009-09-09	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-225.nasl - Type : ACT_GATHER_INFO
2009-09-03	Name : The remote Fedora host is missing a security update. File : fedora_2009-9231.nasl - Type : ACT_GATHER_INFO
2009-09-03	Name : The remote Fedora host is missing a security update. File : fedora_2009-9232.nasl - Type : ACT_GATHER_INFO
2009-08-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-822-1.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-8802.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-8800.nasl - Type : ACT_GATHER_INFO
2009-07-29	Name : The remote Fedora host is missing a security update. File : fedora_2009-8049.nasl - Type : ACT_GATHER_INFO
2009-07-29	Name : The remote Fedora host is missing a security update. File : fedora_2009-8046.nasl - Type : ACT_GATHER_INFO
2009-07-29	Name : The remote Fedora host is missing a security update. File : fedora_2009-8039.nasl - Type : ACT_GATHER_INFO
2009-07-29	Name : The remote Fedora host is missing a security update. File : fedora_2009-8020.nasl - Type : ACT_GATHER_INFO
2009-07-13	Name : The remote Fedora host is missing a security update. File : fedora_2009-6166.nasl - Type : ACT_GATHER_INFO
2009-07-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_2.nasl - Type : ACT_GATHER_INFO
2009-07-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0_2.nasl - Type : ACT_GATHER_INFO
2009-06-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1127.nasl - Type : ACT_GATHER_INFO
2009-06-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1130.nasl - Type : ACT_GATHER_INFO
2009-06-26	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1128.nasl - Type : ACT_GATHER_INFO
2009-06-26	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1128.nasl - Type : ACT_GATHER_INFO
2009-06-11	Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_31.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO
2009-05-15	Name : The remote host contains a web browser that is affected by a remote code exec... File : google_chrome_1_0_154_65.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_3_2_3.nasl - Type : ACT_GATHER_INFO
2009-05-13	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:29:12	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	10
Oval ID(s)	17
CPE ID(s)	289
osvdb(s)	16
Openvas Exploit(s)	45
Nessus® Exploit(s)	54

	Related
9.3	CVE-2009-1725
9.3	CVE-2009-1712
9.3	CVE-2009-1711
9.3	CVE-2009-1698
9.3	CVE-2009-1690
9.3	CVE-2009-1687
9.3	CVE-2009-0945
7.5	CVE-2009-1699
7.1	CVE-2009-1713
4.3	CVE-2009-2700
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)