All the vulnerabilites related to xmlsoft - libxslt
Vulnerability from fkie_nvd
Published
2011-03-11 02:01
Modified
2024-11-21 01:25
Severity ?
Summary
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7AD8B5C-C973-4445-B111-716D9814CE79",
"versionEndExcluding": "10.0.648.127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0",
"versionEndIncluding": "1.1.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la implementaci\u00f3n XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las direcciones de memoria en el mont\u00f3n mediante vectores desconocidos."
}
],
"id": "CVE-2011-1202",
"lastModified": "2024-11-21T01:25:47.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-11T02:01:20.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/46785"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0628"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/46785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2011/0628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-03 19:15
Modified
2024-11-21 06:04
Severity ?
Summary
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| xmlsoft | libxslt | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B0BF7DD-0FAE-4761-B2CD-7D14E83A7B6F",
"versionEndExcluding": "91.0.4472.164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E7A28AB-D5DA-4F00-9795-4DA4951B4E75",
"versionEndExcluding": "1.1.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Un uso de memoria previamente liberada en Blink XSLT en Google Chrome versiones anteriores a 91.0.4472.164, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2021-30560",
"lastModified": "2024-11-21T06:04:11.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-03T19:15:08.127",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://crbug.com/1219209"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202310-23"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://crbug.com/1219209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202310-23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5216"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2024-11-21 02:52
Severity ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C",
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9",
"versionEndExcluding": "10.11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
"versionEndExcluding": "9.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109",
"versionEndExcluding": "2.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9",
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114",
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612."
},
{
"lang": "es",
"value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE-2016-4608, CVE-2016-4610 y CVE-2016-4612."
}
],
"id": "CVE-2016-4609",
"lastModified": "2024-11-21T02:52:36.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-22T02:59:32.977",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-03 03:15
Modified
2024-11-21 06:59
Severity ?
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89C29E70-5CC5-43AF-8373-9E7AD6F2F700",
"versionEndExcluding": "2.9.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8E0B72-62EC-47B5-9957-4DC840F5E968",
"versionEndIncluding": "1.1.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*",
"matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well."
},
{
"lang": "es",
"value": "En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de b\u00faferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. Esto puede resultar en escrituras de memoria fuera de l\u00edmites. La explotaci\u00f3n requiere que la v\u00edctima abra un archivo XML dise\u00f1ado de varios gigabytes. Otro software usando las funciones de b\u00fafer de libxml2, por ejemplo libxslt versiones hasta 1.1.35, tambi\u00e9n est\u00e1 afectado"
}
],
"id": "CVE-2022-29824",
"lastModified": "2024-11-21T06:59:45.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-03T03:15:06.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2024-11-21 02:52
Severity ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C",
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9",
"versionEndExcluding": "10.11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
"versionEndExcluding": "9.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109",
"versionEndExcluding": "2.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9",
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114",
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
},
{
"lang": "es",
"value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4608, CVE2016-4609, CVE-2016-4610 y CVE-2016-4612."
}
],
"id": "CVE-2016-4607",
"lastModified": "2024-11-21T02:52:36.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-22T02:59:30.350",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91834"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-05 21:59
Modified
2024-11-21 02:39
Severity ?
Summary
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.gnome.org/show_bug.cgi?id=758400 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=934119 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.gnome.org/show_bug.cgi?id=758400 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=934119 | Issue Tracking, Patch, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F61C01E-4FE8-4543-9BB7-BC8929689BCB",
"versionEndIncluding": "1.1.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs."
},
{
"lang": "es",
"value": "En libxslt 1.1.29 y anteriores, la funci\u00f3n EXSLT math.random no se inici\u00f3 con una seed aleatoria durante el arranque, lo que podr\u00eda hacer que el uso de esta funci\u00f3n produzca salidas predecibles."
}
],
"id": "CVE-2015-9019",
"lastModified": "2024-11-21T02:39:40.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-05T21:59:00.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-18 21:15
Modified
2024-11-21 04:32
Severity ?
Summary
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | 1.1.33 | |
| linux | linux_kernel | - | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
},
{
"lang": "es",
"value": "En la funci\u00f3n xsltCopyText en el archivo transform.c en libxslt versi\u00f3n 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el \u00e1rea de memoria relevante se liber\u00f3 y reutiliz\u00f3 de cierta manera, una comprobaci\u00f3n de l\u00edmites podr\u00eda fallar y podr\u00eda escribirse la memoria fuera de un b\u00fafer o podr\u00edan divulgarse datos no inicializados."
}
],
"id": "CVE-2019-18197",
"lastModified": "2024-11-21T04:32:48.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-18T21:15:10.793",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2024-11-21 02:52
Severity ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9139DE10-DDA6-4BA8-AA13-A7009B63C08C",
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9",
"versionEndExcluding": "10.11.6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
"versionEndExcluding": "9.2.2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109",
"versionEndExcluding": "2.2.2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9",
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114",
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612."
},
{
"lang": "es",
"value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE-2016-4608, CVE-2016-4609 y CVE-2016-4612."
}
],
"id": "CVE-2016-4610",
"lastModified": "2024-11-21T02:52:36.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-22T02:59:34.180",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Severity ?
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
"matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433D435D-13D0-4EAA-ACD9-DD88DA712D00",
"versionEndIncluding": "11.50.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
"matchCriteriaId": "8836399B-AA1F-45DB-A423-B41A93A14281",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "086B8913-51FE-4FCA-AB2C-47541F2C3252",
"versionEndExcluding": "7.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "71143206-77A6-4B8F-964B-FD4E00C1AE60",
"versionEndExcluding": "10.6",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B",
"versionEndExcluding": "12.9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78127EE5-23FE-4C66-B7EE-2CF3E19F0503",
"versionEndExcluding": "12.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "A0334DC1-4D8C-448C-84B3-310499118B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*",
"matchCriteriaId": "F80F3626-D093-45F4-80A1-3DB1EC94E0F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
"matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
"matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
"matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A",
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6",
"versionEndExcluding": "12.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
},
{
"lang": "es",
"value": "En el archivo numbers.c en libxslt versi\u00f3n 1.1.33, un tipo que contiene caracteres de agrupaci\u00f3n de una instrucci\u00f3n xsl:number era demasiado estrecho y una combinaci\u00f3n de car\u00e1cter/longitud no v\u00e1lida se pod\u00eda ser pasada a la funci\u00f3n xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados."
}
],
"id": "CVE-2019-13118",
"lastModified": "2024-11-21T04:24:13.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-01T02:15:09.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210346"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210348"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210351"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210353"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210356"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210357"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210358"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT210358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Severity ?
Summary
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | 1.1.33 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.1 | |
| oracle | openjdk | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF9724E-ED48-45EB-92DF-1223ECF12693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
},
{
"lang": "es",
"value": "En el archivo numbers.c en libxslt versi\u00f3n 1.1.33, un xsl:number con ciertas cadenas de formato conllevar\u00eda a una lectura no inicializada en la funci\u00f3n xsltNumberFormatInsertNumbers. Esto podr\u00eda permitir a un atacante discernir si un byte en la pila contiene los caracteres A, a, I, i o 0, o cualquier otro car\u00e1cter."
}
],
"id": "CVE-2019-13117",
"lastModified": "2024-11-21T04:24:13.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-01T02:15:09.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-09 04:10
Modified
2024-11-21 01:31
Severity ?
Summary
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3785615-314D-46D8-8894-3554935C569A",
"versionEndExcluding": "17.0.963.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0",
"versionEndIncluding": "1.1.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F084E6C1-8DB0-4D1F-B8EB-5D2CD9AD6E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
"matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8B072472-B463-4647-885D-E40B0115C810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
},
{
"lang": "es",
"value": "libxslt, tal y como se utiliza en Google Chrome antes de v17.0.963.46, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-3970",
"lastModified": "2024-11-21T01:31:37.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-09T04:10:29.177",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://code.google.com/p/chromium/issues/detail?id=110277"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/chromium/issues/detail?id=110277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 23:59
Modified
2024-11-21 03:26
Severity ?
Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| chrome | * | ||
| android | - | ||
| xmlsoft | libxslt | 1.1.29 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9559EF-FA8D-4452-BD04-243F0BD5389D",
"versionEndIncluding": "57.0.2987.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78D4802A-D418-48B0-AB99-B9F28C66F6C4",
"versionEndIncluding": "57.0.2987.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D4ECDC-5CA4-48D6-B41E-DAB606A5C403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
},
{
"lang": "es",
"value": "La funci\u00f3n xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carec\u00eda de una comprobaci\u00f3n de desbordamiento de entero durante un c\u00e1lculo de tama\u00f1o, lo que permite a un atacante remoto realizar una escritura de memoria fuera de l\u00edmites a trav\u00e9s de una p\u00e1gina HTML dise\u00f1ada."
}
],
"id": "CVE-2017-5029",
"lastModified": "2024-11-21T03:26:53.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T23:59:00.157",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/676623"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/676623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-11 01:15
Modified
2024-11-21 04:45
Severity ?
Summary
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1EA275-4F5D-4669-9751-4E40AEF0B97C",
"versionEndExcluding": "1.1.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data."
},
{
"lang": "es",
"value": "Una confusi\u00f3n de tipo en la funci\u00f3n xsltNumberFormatGetMultipleLevel versiones anteriores a libxslt versi\u00f3n 1.1.33, podr\u00eda permitir a atacantes explotar potencialmente la corrupci\u00f3n de la pila por medio de datos XML dise\u00f1ados."
}
],
"id": "CVE-2019-5815",
"lastModified": "2024-11-21T04:45:33.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-11T01:15:10.537",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-12 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45AC51B-B71D-4F32-845F-8CADEDF658CE",
"versionEndIncluding": "1.1.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E595672-2421-461D-87D9-328048B25050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "956B09D6-C565-400E-A138-ED4A2BBC275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD95682-DC9E-4F6F-AFAF-A76A5798CD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28E01474-EC8B-4664-8207-EC46C0175554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5175CD5-1CA4-49A8-8CCD-586EFCD25D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB058A-BAF1-4F86-9F79-8C5A9A01DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1975FB9-2D07-418B-BB0B-782D068C0535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D10EDFCC-7A5B-4AE4-A213-494711975D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B4C26-6197-4C37-AABB-934EF4E37943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFA1BBF-D793-4E1C-82A5-4688675B542F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D71D19E-2679-42A1-81E4-CE1DE422CE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7AD4CCA-3D5F-410F-A4C0-8722CE656E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0DDE39-304C-4F1B-B840-1CF3C970D3BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE5C85D-4044-413B-863A-25972FC6F669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4F412D-4DC9-4F36-9035-78F5977D0FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99186C70-8E36-45F9-8E42-4A08D2FDEF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E48915-76B4-4788-B4AA-6B3B7746E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC5C699-6CDB-4C2C-8BD7-1F68AB0C5348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DB742-5752-408A-AD89-55032A2389B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A57E80C-5D45-4574-9944-AC0DA3620118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB7BA1B-9548-4D1C-8A10-34239120B0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "86D10EDB-D8DF-4CA3-8799-D2646DEC802B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EA931-6846-488F-AD33-FE9D04EF07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D67FD41-2404-4658-8D6B-4DBD4F471880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F6DF1-2375-4389-B07D-FF486C3502CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0469B71F-2303-4072-9C54-2004A117E4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDFD037-100A-4F3E-B114-E3F72BA17084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EDDE79-10ED-4465-ADEA-C989548BA314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C61F9034-C7F6-4430-A2AA-4A0C00A9747B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "68926A2D-5311-46CF-AF16-AC16F53CDE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CBA3E7-0BD1-41B2-BC17-D26BA825B983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E63AAA8C-84CB-40D9-85D3-B8E62B6304CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8C19E3F3-2B60-4356-B32A-64F39340FB68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "34C904FE-A924-47B3-87DA-4F5A0BF1A398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE3321C-0865-4734-BB89-C3C4AAABBA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "684B2370-5265-4E85-BAE0-A987FA14F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "46F05C32-8B19-4B6A-A02F-D5F96489979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A83D4930-CA0C-4BE0-BA05-A041F80AA6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F824E314-F658-463F-9A33-AA577EF8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C0556BEA-0B5E-4EF7-9E7E-EF0A4323BFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "4C09DB64-1D4B-4047-B76A-D249B8D0F55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "270B7D3F-2541-4E7C-B40C-2014BD3CA4DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "29159B77-EB1C-4DA3-9DD5-52113C353870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2878F7-0917-4A17-9CB3-3B644A9B8A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B3CAF-65FA-417C-A8E5-04806C4C3709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "26F9E2A6-19FC-41D4-9EB7-4FFCB152CDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "8699DD77-22BD-4E8F-8210-956E7DCD805D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FF265313-EB0B-4649-A432-E95DE0AEE4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "555054F5-4C4C-4BD0-ADD9-2E8C55814D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14054A80-5975-48DA-A2B8-800ED3F17F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E39216FB-6A55-4C15-AEBA-AC68CFE8D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9F47F-76D2-44F7-93DE-045E5F05DF57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF5779A-EE67-4AA2-86EE-5F4534AF8EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "04167292-B8A5-4CE2-AE7B-70FD2BDE5724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A663FD5-6694-4203-A0B8-405121A6B346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1614DAE5-A84E-4898-B9E0-E4F5DD5D17AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "493B79B8-74A0-4089-BBA5-435C3B549928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE8B7B5-4C35-4F65-B891-80A207BA83D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "147804D0-9C1A-4BD8-A800-0F2B7EA40FEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c."
},
{
"lang": "es",
"value": "libxslt antes de v1.1.28 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a puntero NULL y ca\u00edda del sistema) mediante un atributo (1) match vac\u00edo en una clave XSL a la funci\u00f3n xsltAddKey en keys.c o (2) una variable no inicializada en la funci\u00f3n xsltDocumentFunction en functions.c."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2012-6139",
"lastModified": "2024-11-21T01:45:53.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-12T22:55:01.007",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52745"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52813"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52884"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2654"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1028338"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1784-1"
},
{
"source": "secalert@redhat.com",
"url": "http://xmlsoft.org/XSLT/news.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1784-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xmlsoft.org/XSLT/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-05 23:59
Modified
2024-11-21 02:46
Severity ?
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D4D1E-C218-4105-8DB1-1D6BCC693F23",
"versionEndIncluding": "50.0.2661.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812",
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document."
},
{
"lang": "es",
"value": "numbers.c en libxslt en versiones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente el token de formato i para datos xsl:number, lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (desbordamiento de entero o consumo de recursos) o posiblemente tener otro impacto no especificado a trav\u00e9s de un documento manipulado."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/190.html\"\u003eCWE-190: Integer Overflow or Wraparound\u003c/a\u003e",
"id": "CVE-2016-1684",
"lastModified": "2024-11-21T02:46:52.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-05T23:59:13.117",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/583171"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206899"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206901"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206902"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206903"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206904"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/583171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-14 20:55
Modified
2024-11-21 01:55
Severity ?
Summary
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB5BF4A-58DB-4329-A89A-B11F4663B059",
"versionEndIncluding": "1.1.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E595672-2421-461D-87D9-328048B25050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "956B09D6-C565-400E-A138-ED4A2BBC275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD95682-DC9E-4F6F-AFAF-A76A5798CD6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28E01474-EC8B-4664-8207-EC46C0175554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5175CD5-1CA4-49A8-8CCD-586EFCD25D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AB058A-BAF1-4F86-9F79-8C5A9A01DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1975FB9-2D07-418B-BB0B-782D068C0535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D10EDFCC-7A5B-4AE4-A213-494711975D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF2B4C26-6197-4C37-AABB-934EF4E37943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFA1BBF-D793-4E1C-82A5-4688675B542F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D71D19E-2679-42A1-81E4-CE1DE422CE7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7AD4CCA-3D5F-410F-A4C0-8722CE656E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0DDE39-304C-4F1B-B840-1CF3C970D3BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE5C85D-4044-413B-863A-25972FC6F669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4F412D-4DC9-4F36-9035-78F5977D0FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99186C70-8E36-45F9-8E42-4A08D2FDEF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03E48915-76B4-4788-B4AA-6B3B7746E397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC5C699-6CDB-4C2C-8BD7-1F68AB0C5348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DB742-5752-408A-AD89-55032A2389B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1A57E80C-5D45-4574-9944-AC0DA3620118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5CB7BA1B-9548-4D1C-8A10-34239120B0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "86D10EDB-D8DF-4CA3-8799-D2646DEC802B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EA931-6846-488F-AD33-FE9D04EF07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D67FD41-2404-4658-8D6B-4DBD4F471880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6F6DF1-2375-4389-B07D-FF486C3502CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0469B71F-2303-4072-9C54-2004A117E4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDFD037-100A-4F3E-B114-E3F72BA17084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EDDE79-10ED-4465-ADEA-C989548BA314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C61F9034-C7F6-4430-A2AA-4A0C00A9747B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "68926A2D-5311-46CF-AF16-AC16F53CDE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CBA3E7-0BD1-41B2-BC17-D26BA825B983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E63AAA8C-84CB-40D9-85D3-B8E62B6304CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8C19E3F3-2B60-4356-B32A-64F39340FB68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "34C904FE-A924-47B3-87DA-4F5A0BF1A398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE3321C-0865-4734-BB89-C3C4AAABBA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "684B2370-5265-4E85-BAE0-A987FA14F6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "46F05C32-8B19-4B6A-A02F-D5F96489979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A83D4930-CA0C-4BE0-BA05-A041F80AA6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F824E314-F658-463F-9A33-AA577EF8D4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C0556BEA-0B5E-4EF7-9E7E-EF0A4323BFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "4C09DB64-1D4B-4047-B76A-D249B8D0F55F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "270B7D3F-2541-4E7C-B40C-2014BD3CA4DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "29159B77-EB1C-4DA3-9DD5-52113C353870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2878F7-0917-4A17-9CB3-3B644A9B8A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E43B3CAF-65FA-417C-A8E5-04806C4C3709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "26F9E2A6-19FC-41D4-9EB7-4FFCB152CDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "8699DD77-22BD-4E8F-8210-956E7DCD805D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FF265313-EB0B-4649-A432-E95DE0AEE4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "555054F5-4C4C-4BD0-ADD9-2E8C55814D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14054A80-5975-48DA-A2B8-800ED3F17F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E39216FB-6A55-4C15-AEBA-AC68CFE8D184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F9F47F-76D2-44F7-93DE-045E5F05DF57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF5779A-EE67-4AA2-86EE-5F4534AF8EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "04167292-B8A5-4CE2-AE7B-70FD2BDE5724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A663FD5-6694-4203-A0B8-405121A6B346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1614DAE5-A84E-4898-B9E0-E4F5DD5D17AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "493B79B8-74A0-4089-BBA5-435C3B549928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825."
},
{
"lang": "es",
"value": "xslt.c en libxslt anterior a 1.1.25 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una hoja de estilo embebida en una DTD, lo que hace que una estructura sea accesible como un tipo diferente. NOTA: este problema se debe a una soluci\u00f3n incompleta de CVE-2012-2825."
}
],
"id": "CVE-2013-4520",
"lastModified": "2024-11-21T01:55:43.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T20:55:03.407",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q4/238"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q4/239"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56072"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/99671"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=849019"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q4/238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/oss-sec/2013/q4/239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/99671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=849019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-08-01 14:41
Modified
2024-11-21 00:48
Severity ?
Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | 1.1.8 | |
| xmlsoft | libxslt | 1.1.9 | |
| xmlsoft | libxslt | 1.1.10 | |
| xmlsoft | libxslt | 1.1.11 | |
| xmlsoft | libxslt | 1.1.12 | |
| xmlsoft | libxslt | 1.1.13 | |
| xmlsoft | libxslt | 1.1.14 | |
| xmlsoft | libxslt | 1.1.15 | |
| xmlsoft | libxslt | 1.1.16 | |
| xmlsoft | libxslt | 1.1.17 | |
| xmlsoft | libxslt | 1.1.18 | |
| xmlsoft | libxslt | 1.1.19 | |
| xmlsoft | libxslt | 1.1.20 | |
| xmlsoft | libxslt | 1.1.21 | |
| xmlsoft | libxslt | 1.1.22 | |
| xmlsoft | libxslt | 1.1.23 | |
| xmlsoft | libxslt | 1.1.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\""
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en las funciones rc4 de (1) cifrado (aka exsltCryptoRc4EncryptFunction) y (2) descifrado (aka exsltCryptoRc4DecryptFunction) en crypto.c en libexslt en libxslt 1.1.8 hasta 1.1.24 permite a atacantes dependientes de contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero XML que contiene una larga cadena de caracteres como \"un argumento en la entrada XSL.\""
}
],
"id": "CVE-2008-2935",
"lastModified": "2024-11-21T00:48:03.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-01T14:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31230"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31310"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31331"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31363"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31395"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31399"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32453"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/4078"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1624"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.ocert.org/advisories/ocert-2008-009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/30467"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1020596"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-633-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ocert.org/advisories/ocert-2008-009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-633-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-22 02:59
Modified
2024-11-21 02:52
Severity ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812",
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9",
"versionEndExcluding": "10.11.6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
"versionEndExcluding": "9.2.2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109",
"versionEndExcluding": "2.2.2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05F7F040-914C-440A-933F-D484BFD44EE9",
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39C1D2-51B4-403A-8488-FCE21DD23114",
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
},
{
"lang": "es",
"value": "libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4607, CVE2016-4609, CVE-2016-4610 y CVE-2016-4612"
}
],
"id": "CVE-2016-4608",
"lastModified": "2024-11-21T02:52:36.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-22T02:59:31.523",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-31 19:55
Modified
2024-11-21 01:39
Severity ?
Summary
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D746FCB4-9ACA-425D-929F-F46EDDEC1B56",
"versionEndIncluding": "6.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06980521-B0EA-434D-89AD-A951EAF1D23F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AE6A93-3977-4B32-B2F6-55C94387DDE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E78F1F2C-2BFF-4D55-A754-102D6C42081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A4AF71-8E71-432A-B908-361DAF99F4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE0068D-C699-4646-9658-610409925A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "87C215DD-BC98-4283-BF13-69556EF7CB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C3966E-C136-47A9-B5B4-70613756ED27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22AD2A1F-A637-47DE-A69F-DAE4ABDFA4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6D398B8-821B-4DE9-ADF1-4983051F964C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CCE5F2-4D32-404B-BAAC-E64F11BD41FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9EB400-8080-4519-ADE0-DF99113483AE",
"versionEndIncluding": "21.0.1180.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*",
"matchCriteriaId": "A0692DD3-562D-4BE7-BB61-1549EFFF9CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF70696-70A8-4DFA-A0C3-172A103F3F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*",
"matchCriteriaId": "25241621-CBB0-4E39-B901-2F70EE476722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1355883C-C184-46C1-9CF7-AA59B0FC61B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*",
"matchCriteriaId": "DB090D01-9F7E-49CF-8356-80CC03999121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*",
"matchCriteriaId": "A37AB354-581C-42CA-B8E9-9AEAC0B326AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*",
"matchCriteriaId": "885EFC87-061C-4EEF-880A-68D7D53BACDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*",
"matchCriteriaId": "D58B0932-1DF3-4308-8D82-B20564E974F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*",
"matchCriteriaId": "A8FAD1E6-788F-4295-BFD2-F3CE99B14934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8AB897-7A45-4360-AFA7-EB7C8690ADD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF0FA83-C464-4270-A4E8-1441DF4ECFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*",
"matchCriteriaId": "86B70015-F651-467C-A846-5C97772D91EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*",
"matchCriteriaId": "C07A549D-48EF-434C-ABBA-0FF7078060D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*",
"matchCriteriaId": "B573E86E-3512-4DB9-911E-1B27A3BB69DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BDB997-D125-4B5D-9680-9AED7D89FD0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0BAF7E49-6795-4848-AADD-40D8B2D5F5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B244B3-86E0-4E1D-96A5-E0B9B50F2ADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FF1C67-9CB7-4C78-9F3C-C88AB5A6284D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*",
"matchCriteriaId": "3371BBF5-0B82-4005-96AE-9B604A2FA70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*",
"matchCriteriaId": "5916EA0D-D763-4650-9AC4-A38C6E8EB052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*",
"matchCriteriaId": "443C5B0F-8FC6-40E3-AA95-BB8884176002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEE1054-F275-4C04-9F1E-994AD053827A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*",
"matchCriteriaId": "FA50A727-8EBA-4E97-A003-FAA2258D9128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFF35D2-661A-4FCC-AB31-D354D1F204F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*",
"matchCriteriaId": "150E8749-5A22-4834-A165-1F9FAFE3F91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*",
"matchCriteriaId": "DF534291-1F7A-486D-9574-CA9E734DBC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ACB74A-3F0C-44FE-BC9D-4993AD58064F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BF669C-3DAD-46B6-B2B9-A226CAC7B0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9251F19D-BEA4-4ED4-9A4B-EA89E795C6D0",
"versionEndIncluding": "1.1.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c."
},
{
"lang": "es",
"value": "libxslt v1.1.26 y anteriores, tal como se utiliza en Google Chrome anterior a v21.0.1180.89, no gestiona adecuadamente la memoria, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una elaborada expresi\u00f3n XSLT que no est\u00e9 debidamente identificado durante XPath navegaci\u00f3n, en relaci\u00f3n con (1) la funci\u00f3n xsltCompileLocationPathPattern en libxslt / pattern.c y (2) la funci\u00f3n xsltGenerateIdFunction en libxslt / functions.c."
}
],
"id": "CVE-2012-2870",
"lastModified": "2024-11-21T01:39:48.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-31T19:55:01.077",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/50838"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/54886"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://support.apple.com/kb/HT5934"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://support.apple.com/kb/HT6001"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://chromiumcodereview.appspot.com/10830177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT6001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://chromiumcodereview.appspot.com/10830177"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:20
Severity ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E054BED-0DA0-4966-8B7F-E7DDFAAF892F",
"versionEndIncluding": "1.1.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*",
"matchCriteriaId": "8594A5FB-33D0-422E-8F32-16ECF08DB45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
"matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DA944C-4992-424D-BC82-474585DAC5DF",
"versionEndIncluding": "11.70.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*",
"matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
},
{
"lang": "es",
"value": "libxslt hasta la versi\u00f3n 1.1.33 permite omitir los mecanismos de protecci\u00f3n debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso despu\u00e9s de recibir el c\u00f3digo de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inv\u00e1lida y que se carga posteriormente."
}
],
"id": "CVE-2019-11068",
"lastModified": "2024-11-21T04:20:28.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T20:29:01.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3947-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3947-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3947-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3947-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-17 15:59
Modified
2024-11-21 02:37
Severity ?
Summary
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66F0A17C-3DC1-4E8A-9291-DD97F386F40C",
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E7F8660-36B3-469C-81AD-07B25B09E5D7",
"versionEndIncluding": "10.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A",
"versionEndIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F",
"versionEndIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812",
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue."
},
{
"lang": "es",
"value": "La funci\u00f3n xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo XML manipulado, relacionado a un problema \u0027type confusion\u0027."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/843.html\"\u003eCWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\u003c/a\u003e",
"id": "CVE-2015-7995",
"lastModified": "2024-11-21T02:37:48.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-17T15:59:16.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/77325"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034736"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"source": "cve@mitre.org",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"source": "cve@mitre.org",
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT205729"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT205731"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT205732"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT205729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT205731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT205732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206168"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-05 23:59
Modified
2024-11-21 02:46
Severity ?
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxslt | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| debian | debian_linux | 8.0 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| suse | linux_enterprise | 12.0 | |
| chrome | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2EBD51-DEC5-49DD-BF2A-BFEFF02BC812",
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D4D1E-C218-4105-8DB1-1D6BCC693F23",
"versionEndIncluding": "50.0.2661.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document."
},
{
"lang": "es",
"value": "numbers.c in libxslt en verisones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente los nodos de espacio de nombres, lo que permite a atacantes remotos provocar una denegaci\u00f3n del servicio (acceso a memoria din\u00e1mica fuera de l\u00edmites) o posiblemente tener otro impacto no especificado a trav\u00e9s de un documento manipulado."
}
],
"id": "CVE-2016-1683",
"lastModified": "2024-11-21T02:46:52.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-05T23:59:12.227",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://crbug.com/583156"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206899"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206901"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206902"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206903"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206904"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://crbug.com/583156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-6139
Vulnerability from cvelistv5
Published
2013-04-12 22:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1784-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1784-1"
},
{
"name": "52884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52884"
},
{
"name": "52813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52813"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330"
},
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d"
},
{
"name": "openSUSE-SU-2013:0593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html"
},
{
"name": "openSUSE-SU-2013:0585",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html"
},
{
"name": "MDVSA-2013:141",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141"
},
{
"name": "1028338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xmlsoft.org/XSLT/news.html"
},
{
"name": "52745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52745"
},
{
"name": "FEDORA-2013-4507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html"
},
{
"name": "52805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328"
},
{
"name": "DSA-2654",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-05T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-1784-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1784-1"
},
{
"name": "52884",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52884"
},
{
"name": "52813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52813"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330"
},
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d"
},
{
"name": "openSUSE-SU-2013:0593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html"
},
{
"name": "openSUSE-SU-2013:0585",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html"
},
{
"name": "MDVSA-2013:141",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141"
},
{
"name": "1028338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xmlsoft.org/XSLT/news.html"
},
{
"name": "52745",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52745"
},
{
"name": "FEDORA-2013-4507",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html"
},
{
"name": "52805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328"
},
{
"name": "DSA-2654",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2654"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1784-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1784-1"
},
{
"name": "52884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52884"
},
{
"name": "52813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52813"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=685330",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685330"
},
{
"name": "SUSE-SU-2013:1654",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d"
},
{
"name": "openSUSE-SU-2013:0593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html"
},
{
"name": "openSUSE-SU-2013:0585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html"
},
{
"name": "MDVSA-2013:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:141"
},
{
"name": "1028338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028338"
},
{
"name": "http://xmlsoft.org/XSLT/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/XSLT/news.html"
},
{
"name": "52745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52745"
},
{
"name": "FEDORA-2013-4507",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html"
},
{
"name": "52805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52805"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=685328",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=685328"
},
{
"name": "DSA-2654",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2654"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6139",
"datePublished": "2013-04-12T22:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5029
Vulnerability from cvelistv5
Published
2017-04-24 23:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | x_refsource_CONFIRM | |
| https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038157 | vdb-entry, x_refsource_SECTRACK | |
| https://crbug.com/676623 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3810 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/96767 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHSA-2017-0499.html | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
Version: Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:44.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "1038157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/676623"
},
{
"name": "DSA-3810",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
],
"datePublic": "2017-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "1038157",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/676623"
},
{
"name": "DSA-3810",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"
},
{
"name": "1038157",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"name": "https://crbug.com/676623",
"refsource": "CONFIRM",
"url": "https://crbug.com/676623"
},
{
"name": "DSA-3810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3810"
},
{
"name": "96767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96767"
},
{
"name": "RHSA-2017:0499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-5029",
"datePublished": "2017-04-24T23:00:00",
"dateReserved": "2017-01-02T00:00:00",
"dateUpdated": "2024-08-05T14:47:44.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1202
Vulnerability from cvelistv5
Published
2011-03-11 01:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:33.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:14244",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"name": "46785",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46785"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"name": "MDVSA-2011:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"name": "google-xslt-info-disclosure(65966)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name": "ADV-2011-0628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:14244",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"name": "46785",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46785"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"name": "MDVSA-2011:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"name": "google-xslt-info-disclosure(65966)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name": "ADV-2011-0628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14244",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244"
},
{
"name": "46785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46785"
},
{
"name": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"name": "MDVSA-2011:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=73716",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=73716"
},
{
"name": "google-xslt-info-disclosure(65966)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65966"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=684386",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
},
{
"name": "ADV-2011-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1202",
"datePublished": "2011-03-11T01:00:00",
"dateReserved": "2011-03-03T00:00:00",
"dateUpdated": "2024-08-06T22:21:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2935
Vulnerability from cvelistv5
Published
2008-08-01 14:00
Modified
2024-08-07 09:21
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2008:0649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"name": "oval:org.mitre.oval:def:10827",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"name": "libxslt-multiple-crypto-bo(44141)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"name": "32453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32453"
},
{
"name": "31399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31399"
},
{
"name": "31363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31363"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"name": "FEDORA-2008-7029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"name": "20080731 [oCERT-2008-009] libxslt heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"name": "30467",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"name": "4078",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4078"
},
{
"name": "GLSA-200808-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"name": "31310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31310"
},
{
"name": "MDVSA-2008:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"name": "USN-633-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-633-1"
},
{
"name": "31331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31331"
},
{
"name": "20081027 rPSA-2008-0306-1 libxslt",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"name": "20080801 libxslt heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"name": "31230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31230"
},
{
"name": "FEDORA-2008-7062",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
},
{
"name": "ADV-2008-2266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"name": "1020596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020596"
},
{
"name": "DSA-1624",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1624"
},
{
"name": "31395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2008:0649",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0649.html"
},
{
"name": "oval:org.mitre.oval:def:10827",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827"
},
{
"name": "libxslt-multiple-crypto-bo(44141)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306"
},
{
"name": "32453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32453"
},
{
"name": "31399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31399"
},
{
"name": "31363",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31363"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scary.beasts.org/security/CESA-2008-003.html"
},
{
"name": "FEDORA-2008-7029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html"
},
{
"name": "20080731 [oCERT-2008-009] libxslt heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494976/100/0/threaded"
},
{
"name": "30467",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/patches/exslt_crypt.patch"
},
{
"name": "4078",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4078"
},
{
"name": "GLSA-200808-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-06.xml"
},
{
"name": "31310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31310"
},
{
"name": "MDVSA-2008:160",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:160"
},
{
"name": "USN-633-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-633-1"
},
{
"name": "31331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31331"
},
{
"name": "20081027 rPSA-2008-0306-1 libxslt",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497829/100/0/threaded"
},
{
"name": "20080801 libxslt heap overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495018/100/0/threaded"
},
{
"name": "31230",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31230"
},
{
"name": "FEDORA-2008-7062",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html"
},
{
"name": "ADV-2008-2266",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2266/references"
},
{
"name": "1020596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020596"
},
{
"name": "DSA-1624",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1624"
},
{
"name": "31395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2935",
"datePublished": "2008-08-01T14:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11068
Vulnerability from cvelistv5
Published
2019-04-10 19:38
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
},
{
"name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
},
{
"name": "USN-3947-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3947-2/"
},
{
"name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
},
{
"name": "USN-3947-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3947-1/"
},
{
"name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
},
{
"name": "openSUSE-SU-2019:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
},
{
"name": "openSUSE-SU-2019:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1428",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"name": "openSUSE-SU-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "FEDORA-2019-e21c77ffae",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "FEDORA-2019-e74d639587",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
},
{
"name": "openSUSE-SU-2019:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T15:06:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
},
{
"name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
},
{
"name": "USN-3947-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3947-2/"
},
{
"name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
},
{
"name": "USN-3947-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3947-1/"
},
{
"name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
},
{
"name": "openSUSE-SU-2019:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
},
{
"name": "openSUSE-SU-2019:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1428",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"name": "openSUSE-SU-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "FEDORA-2019-e21c77ffae",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "FEDORA-2019-e74d639587",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
},
{
"name": "openSUSE-SU-2019:1824",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"
},
{
"name": "[debian-lts-announce] 20190415 [SECURITY] [DLA 1756-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"
},
{
"name": "USN-3947-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3947-2/"
},
{
"name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
},
{
"name": "USN-3947-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3947-1/"
},
{
"name": "[oss-security] 20190423 Re: Nokogiri security update v1.10.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/23/5"
},
{
"name": "openSUSE-SU-2019:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"
},
{
"name": "openSUSE-SU-2019:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"
},
{
"name": "openSUSE-SU-2019:1428",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"name": "openSUSE-SU-2019:1527",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
},
{
"name": "FEDORA-2019-e21c77ffae",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "FEDORA-2019-e74d639587",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/"
},
{
"name": "openSUSE-SU-2019:1824",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191017-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191017-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11068",
"datePublished": "2019-04-10T19:38:18",
"dateReserved": "2019-04-10T00:00:00",
"dateUpdated": "2024-08-04T22:40:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29824
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"name": "FEDORA-2022-9136d646e4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"name": "FEDORA-2022-be6d83642a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"name": "FEDORA-2022-f624aad735",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"name": "DSA-5142",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"name": "FEDORA-2022-9136d646e4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"name": "FEDORA-2022-be6d83642a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"name": "FEDORA-2022-f624aad735",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"name": "DSA-5142",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29824",
"datePublished": "2022-05-03T00:00:00",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-30560
Vulnerability from cvelistv5
Published
2021-08-03 00:00
Modified
2024-08-03 22:32
Severity ?
EPSS score ?
Summary
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1219209"
},
{
"name": "DSA-5216",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5216"
},
{
"name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"name": "GLSA-202310-23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "91.0.4472.164",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T14:06:22.033053",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1219209"
},
{
"name": "DSA-5216",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5216"
},
{
"name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
},
{
"name": "GLSA-202310-23",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-23"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2021-30560",
"datePublished": "2021-08-03T00:00:00",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:32:41.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7995
Vulnerability from cvelistv5
Published
2015-11-17 15:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206168"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205729"
},
{
"name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"name": "APPLE-SA-2016-01-25-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"name": "1034736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2016-01-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"name": "APPLE-SA-2016-01-19-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"name": "77325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77325"
},
{
"name": "openSUSE-SU-2016:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"name": "SSA:2016-148-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206168"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205729"
},
{
"name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"name": "APPLE-SA-2016-01-25-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"name": "1034736",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2016-01-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"name": "APPLE-SA-2016-01-19-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"name": "77325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77325"
},
{
"name": "openSUSE-SU-2016:1439",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"name": "SSA:2016-148-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"name": "1038623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "https://support.apple.com/HT206168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206168"
},
{
"name": "https://support.apple.com/HT205731",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205731"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017"
},
{
"name": "https://support.apple.com/HT205729",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205729"
},
{
"name": "[oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"name": "[oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"name": "APPLE-SA-2016-01-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"name": "1034736",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034736"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2016-01-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "https://puppet.com/security/cve/cve-2015-7995",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"name": "APPLE-SA-2016-01-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"name": "77325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77325"
},
{
"name": "openSUSE-SU-2016:1439",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"name": "SSA:2016-148-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "https://support.apple.com/HT205732",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205732"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7995",
"datePublished": "2015-11-17T15:00:00",
"dateReserved": "2015-10-28T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4607
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:26.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91834",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91834"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:06:06",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91834",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91834"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "91834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91834"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4607",
"datePublished": "2016-07-22T01:00:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:32:26.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3970
Vulnerability from cvelistv5
Published
2012-02-09 02:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | vendor-advisory, x_refsource_SUSE | |
| http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html | x_refsource_CONFIRM | |
| https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html | vendor-advisory, x_refsource_SUSE | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818 | vdb-entry, signature, x_refsource_OVAL | |
| http://code.google.com/p/chromium/issues/detail?id=110277 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "oval:org.mitre.oval:def:14818",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=110277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "oval:org.mitre.oval:def:14818",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=110277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:1654",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
},
{
"name": "SUSE-SU-2013:1656",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "oval:org.mitre.oval:def:14818",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14818"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=110277",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=110277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2011-3970",
"datePublished": "2012-02-09T02:00:00",
"dateReserved": "2011-10-01T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4608
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:06:07",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4608",
"datePublished": "2016-07-22T01:00:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4520
Vulnerability from cvelistv5
Published
2013-12-14 20:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2013/q4/239 | mailing-list, x_refsource_MLIST | |
| https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa | x_refsource_MISC | |
| https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html | vendor-advisory, x_refsource_SUSE | |
| https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/56072 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=849019 | x_refsource_CONFIRM | |
| http://www.osvdb.org/99671 | vdb-entry, x_refsource_OSVDB | |
| http://seclists.org/oss-sec/2013/q4/238 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa"
},
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "56072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=849019"
},
{
"name": "99671",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/99671"
},
{
"name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-14T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa"
},
{
"name": "SUSE-SU-2013:1654",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "56072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=849019"
},
{
"name": "99671",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/99671"
},
{
"name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/239"
},
{
"name": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa",
"refsource": "MISC",
"url": "https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa"
},
{
"name": "SUSE-SU-2013:1654",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html"
},
{
"name": "SUSE-SU-2013:1656",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html"
},
{
"name": "56072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56072"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=849019",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=849019"
},
{
"name": "99671",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/99671"
},
{
"name": "[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4520",
"datePublished": "2013-12-14T20:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13117
Vulnerability from cvelistv5
Published
2019-07-01 01:27
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"
},
{
"name": "https://oss-fuzz.com/testcase-detail/5631739747106816",
"refsource": "MISC",
"url": "https://oss-fuzz.com/testcase-detail/5631739747106816"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190806-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13117",
"datePublished": "2019-07-01T01:27:02",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1684
Vulnerability from cvelistv5
Published
2016-06-05 23:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:13.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/583171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d"
},
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "90876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017"
},
{
"name": "DSA-3590",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "openSUSE-SU-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:06:06",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/583171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d"
},
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "90876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017"
},
{
"name": "DSA-3590",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "openSUSE-SU-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/583171",
"refsource": "CONFIRM",
"url": "https://crbug.com/583171"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d"
},
{
"name": "DSA-3605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "90876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017"
},
{
"name": "DSA-3590",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "openSUSE-SU-2016:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1684",
"datePublished": "2016-06-05T23:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:13.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1683
Vulnerability from cvelistv5
Published
2016-06-05 23:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:13.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"name": "90876",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "DSA-3590",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "openSUSE-SU-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/583156"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T19:06:07",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"name": "DSA-3605",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"name": "90876",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "DSA-3590",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "openSUSE-SU-2016:1430",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/583156"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-1683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016"
},
{
"name": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242"
},
{
"name": "90876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90876"
},
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "openSUSE-SU-2016:1496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "1035981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035981"
},
{
"name": "DSA-3590",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3590"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"
},
{
"name": "USN-2992-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2992-1"
},
{
"name": "91826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "openSUSE-SU-2016:1430",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "RHSA-2016:1190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1190"
},
{
"name": "https://crbug.com/583156",
"refsource": "CONFIRM",
"url": "https://crbug.com/583156"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "GLSA-201607-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-07"
},
{
"name": "openSUSE-SU-2016:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2016-1683",
"datePublished": "2016-06-05T23:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:13.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13118
Vulnerability from cvelistv5
Published
2019-07-01 01:27
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210353"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210351"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210346"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210357"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210358"
},
{
"name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:08:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210353"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210351"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210346"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210357"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210358"
},
{
"name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"name": "https://oss-fuzz.com/testcase-detail/5197371471822848",
"refsource": "MISC",
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"name": "https://support.apple.com/kb/HT210348",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210348"
},
{
"name": "https://support.apple.com/kb/HT210353",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210353"
},
{
"name": "https://support.apple.com/kb/HT210351",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210351"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"name": "https://support.apple.com/kb/HT210346",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210346"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"name": "20190723 APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"name": "20190723 APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"name": "20190723 APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"name": "20190723 APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"name": "https://support.apple.com/kb/HT210356",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210356"
},
{
"name": "https://support.apple.com/kb/HT210357",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210357"
},
{
"name": "https://support.apple.com/kb/HT210358",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210358"
},
{
"name": "20190724 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"name": "20190724 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"name": "20190724 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"name": "20190726 APPLE-SA-2019-7-23-3 iCloud for Windows 10.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"name": "20190726 APPLE-SA-2019-7-23-1 iCloud for Windows 7.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"name": "20190726 APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190806-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190806-0004/"
},
{
"name": "20190814 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"name": "20190814 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"name": "20190814 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"name": "20190814 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "FEDORA-2019-fdf6ec39b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200122-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200122-0003/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13118",
"datePublished": "2019-07-01T01:27:39",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4609
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:06:11",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4609",
"datePublished": "2016-07-22T01:00:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5815
Vulnerability from cvelistv5
Published
2019-12-11 00:55
Modified
2024-08-04 20:09
Severity ?
EPSS score ?
Summary
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b | x_refsource_MISC | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=930663 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663"
},
{
"name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "74.0.3729.108",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-09T15:06:13",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663"
},
{
"name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2019-5815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "74.0.3729.108"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663"
},
{
"name": "[debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5815",
"datePublished": "2019-12-11T00:55:15",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-9019
Vulnerability from cvelistv5
Published
2017-04-05 21:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=934119 | x_refsource_MISC | |
| https://bugzilla.gnome.org/show_bug.cgi?id=758400 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-05T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=934119",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=934119"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=758400",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=758400"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9019",
"datePublished": "2017-04-05T21:00:00Z",
"dateReserved": "2017-04-05T00:00:00Z",
"dateUpdated": "2024-09-16T22:56:40.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18197
Vulnerability from cvelistv5
Published
2019-10-18 20:07
Modified
2024-08-05 01:47
Severity ?
EPSS score ?
Summary
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T23:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\u0027t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"
},
{
"name": "USN-4164-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4164-1/"
},
{
"name": "[debian-lts-announce] 20191027 [SECURITY] [DLA 1973-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0004/"
},
{
"name": "[oss-security] 20191117 Nokogiri security update v1.10.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
},
{
"name": "openSUSE-SU-2020:0189",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0210",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"
},
{
"name": "RHSA-2020:0514",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0514"
},
{
"name": "openSUSE-SU-2020:0233",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
},
{
"name": "openSUSE-SU-2020:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18197",
"datePublished": "2019-10-18T20:07:17",
"dateReserved": "2019-10-18T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2870
Vulnerability from cvelistv5
Published
2012-08-31 19:00
Modified
2024-08-06 19:50
Severity ?
EPSS score ?
Summary
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"name": "50838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromiumcodereview.appspot.com/10830177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"name": "openSUSE-SU-2012:1215",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"name": "APPLE-SA-2013-09-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-23T19:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"name": "50838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromiumcodereview.appspot.com/10830177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"name": "openSUSE-SU-2012:1215",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "MDVSA-2012:164",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"name": "APPLE-SA-2013-09-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=138672",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"name": "https://chromiumcodereview.appspot.com/10823168",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"name": "50838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50838"
},
{
"name": "APPLE-SA-2013-10-22-8",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"name": "DSA-2555",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"name": "http://support.apple.com/kb/HT6001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6001"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=140368",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"name": "https://chromiumcodereview.appspot.com/10830177",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/10830177"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name": "MDVSA-2012:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:164"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"name": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123",
"refsource": "CONFIRM",
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2012-2870",
"datePublished": "2012-08-31T19:00:00",
"dateReserved": "2012-05-19T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4610
Vulnerability from cvelistv5
Published
2016-07-22 01:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:06:11",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206903"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "https://support.apple.com/HT206901",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206901"
},
{
"name": "91826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91826"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "APPLE-SA-2016-07-18-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "1036348",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036348"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "https://support.apple.com/HT206904",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206904"
},
{
"name": "https://support.apple.com/HT206899",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206899"
},
{
"name": "FEDORA-2019-320d5295fc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/"
},
{
"name": "[debian-lts-announce] 20190722 [SECURITY] [DLA 1860-1] libxslt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4610",
"datePublished": "2016-07-22T01:00:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201607-0350
Vulnerability from variot
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4608 , CVE-2016-4609 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher
CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher
IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher
libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco
LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0350",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libxslt",
"scope": null,
"trust": 1.4,
"vendor": "xmlsoft",
"version": null
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "libxslt",
"scope": "lt",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.29"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 and later"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.2 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch)"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "watch sport",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watch hermes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watch edition",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
}
],
"sources": [
{
"db": "BID",
"id": "91834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4607"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137958"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4607",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4607",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93426",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4607",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4607",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-868",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93426",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-4607",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4608 , CVE-2016-4609 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. \nVersions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to view sensitive user information\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to elevate privileges\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a denial of service\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to gain root privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A user\u0027s password may be visible on screen\nDescription: An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "BID",
"id": "91834"
},
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137958"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4607",
"trust": 3.3
},
{
"db": "BID",
"id": "91834",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036348",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93426",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4607",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137958",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "BID",
"id": "91834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137958"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"id": "VAR-201607-0350",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93426"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:48:51.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206899"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "libxslt",
"trust": 0.8,
"url": "http://xmlsoft.org/libxslt/"
},
{
"title": "Multiple Apple Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63228"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/91834"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206899"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206901"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206904"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036348"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4607"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4607"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.4,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.2,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht206900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "BID",
"id": "91834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137958"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93426"
},
{
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"db": "BID",
"id": "91834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137958"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93426"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91834"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-19T19:45:20",
"db": "PACKETSTORM",
"id": "137958"
},
{
"date": "2016-07-19T20:00:50",
"db": "PACKETSTORM",
"id": "137960"
},
{
"date": "2016-07-22T02:59:30.350000",
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-93426"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4607"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91834"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004034"
},
{
"date": "2023-11-07T02:32:41.413000",
"db": "NVD",
"id": "CVE-2016-4607"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxslt Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004034"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-868"
}
],
"trust": 0.6
}
}
var-201607-0352
Vulnerability from variot
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0352",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libxslt",
"scope": null,
"trust": 1.4,
"vendor": "xmlsoft",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "libxslt",
"scope": "lt",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.29"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 and later"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.2 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4609"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4609",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93428",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4609",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4609",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-870",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93428",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-4609",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx\nhvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj\nuS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV\n5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1\nlC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S\nCVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1\nH+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6\nSeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo\n4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ\nitACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr\nf9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg\n/esomms9/qUSQyOF2huK\n=zqBF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4609",
"trust": 3.3
},
{
"db": "BID",
"id": "91826",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036348",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93428",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137963",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"id": "VAR-201607-0352",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93428"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:33:21.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206903"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "libxslt",
"trust": 0.8,
"url": "http://xmlsoft.org/libxslt/index.html"
},
{
"title": "Multiple Apple Product denial of service vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63230"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/91826"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206899"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206901"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206904"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036348"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4609"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4609"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2737/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.4,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.4,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.2,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93428"
},
{
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93428"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"date": "2016-07-19T20:07:49",
"db": "PACKETSTORM",
"id": "137963"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-19T20:00:50",
"db": "PACKETSTORM",
"id": "137960"
},
{
"date": "2016-07-22T02:59:32.977000",
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-93428"
},
{
"date": "2020-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4609"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004036"
},
{
"date": "2023-11-07T02:32:41.620000",
"db": "NVD",
"id": "CVE-2016-4609"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxslt Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-870"
}
],
"trust": 0.6
}
}
var-201511-0027
Vulnerability from variot
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlCrafted by attackers XML Through the file Service operation interruption (DoS) There is a possibility of being put into a state. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3605-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq
Package : libxslt CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 Debian Bug : 802971
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library.
For the stable distribution (jessie), these problems have been fixed in version 1.1.28-2+deb8u1.
We recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-2 watchOS 2.2
watchOS 2.2 is now available and addresses the following:
Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team
FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor
Messages Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
syslog Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs
TrueTypeScaler Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
WebKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple
Wi-Fi Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6 CHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9 +bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt xLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu ArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb 5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why oB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4 5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+ 7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9 MGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj nmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b 82FzLX2fEJg5XYLhXQrg =lORW -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05158380
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05158380 Version: 1
HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-01 Last Updated: 2016-06-01
Potential Security Impact: Cross-Site Request Forgery (CSRF), Remote Arbitrary Code Execution, Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF).
References:
CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
System Management Homepage Prior to 7.5.5 HP Systems Insight Manager (HP SIM), Prior to 7.5.1 HP Insight Control Prior to 7.5.1 HPE Version Control Repository Manager Prior to 7.5.1 HPE Server Migration Pack Prior to 7.5.1 HP Insight Control server provisioning Prior to 7.5.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4969 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-3195 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-3237 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-6565 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2015-7501 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-7995 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-8035 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2016-0705 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-0728 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2015 (AV:L/AC:H/Au:S/C:C/I:C/A:N) 5.5 CVE-2016-2017 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2018 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2016-2019 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2020 (AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2 CVE-2016-2021 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9 CVE-2016-2022 (AV:N/AC:H/Au:M/C:P/I:P/A:N) 3.2 CVE-2016-2024 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2016-2030 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has released the following software updates to resolve these vulnerabilities in HPE Insight Control. The HPE Insight Control 7.5.1 Update kit applicable to HPE Insight Control 7.5.x installations is available at the following location:
http://www.hpe.com/info/insightcontrol
HPE has addressed these vulnerabilities for the impacted software components bundled with HPE Insight Control in the following HPE Security Bulletins:
HPE Systems Insight Manager (SIM) (HPE Security Bulletin: HPSBMU03590)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085
HPE System Management Homepage (SMH) (HPE Security Bulletin: HPSBMU03593)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017
Version Control Repository Manager (VCRM) (HPE Security Bulletin: HPSBMU03589)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131044
HPE Server Migration Pack(SMP) (HPE Security Bulletin: HPSBMU03591)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05130958
HPE Insight Control server provisioning (HPE Security Bulletin: HPSBMU03600)
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c05150736
HISTORY Version:1 (rev.1) - 1 June 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ========================================================================== Ubuntu Security Notice USN-3271-1 April 28, 2017
libxslt vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Libxslt.
Software Description: - libxslt: XSLT processing library
Details:
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possible execute arbitrary code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbtrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash) or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)
It was discovered that a type confusion error existed in the xsltStylePreCompute() function in Libxslt. An attacker could use this to craft a malicious XML file that, when opened, caused a denial of service (application crash). This issue only affected Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. (CVE-2015-7995)
Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a' format tokens for xsl:number data. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)
It was discovered that the xsltFormatNumberConversion() function in Libxslt did not properly handle empty decimal separators. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service (application crash). This issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-4738)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libxslt1.1 1.1.29-2ubuntu0.1
Ubuntu 16.10: libxslt1.1 1.1.29-1ubuntu0.1
Ubuntu 16.04 LTS: libxslt1.1 1.1.28-2.1ubuntu0.1
Ubuntu 14.04 LTS: libxslt1.1 1.1.28-2ubuntu0.1
Ubuntu 12.04 LTS: libxslt1.1 1.1.26-8ubuntu1.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3271-1 CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841, CVE-2016-4738, CVE-2017-5029
Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4
. CVE-ID CVE-2015-7995 : puzzor
OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix
WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"model": "libxslt",
"scope": "lte",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.28"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.8,
"vendor": "xmlsoft",
"version": "1.1.28"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11.2 for up to 10.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (ipod touch first 5 after generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1.1 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch)"
},
{
"model": "hpe insight control",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "none"
},
{
"model": "hpe insight control",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "server provisioning"
},
{
"model": "hpe server migration pack",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hpe systems insight manager",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hpe version control repository manager",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Cornelius of Red Hat Product Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
}
],
"trust": 0.6
},
"cve": "CVE-2015-7995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-7995",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-85956",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7995",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85956",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7995",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85956"
},
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue. Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. http://cwe.mitre.org/data/definitions/843.htmlCrafted by attackers XML Through the file Service operation interruption (DoS) There is a possibility of being put into a state. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3605-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 19, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxslt\nCVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684\nDebian Bug : 802971\n\nSeveral vulnerabilities were discovered in libxslt, an XSLT processing\nruntime library, which could lead to information disclosure or\ndenial-of-service (application crash) against an application using the\nlibxslt library. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.1.28-2+deb8u1. \n\nWe recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-2 watchOS 2.2\n\nwatchOS 2.2 is now available and addresses the following:\n\nDisk Images\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team\n\nFontParser\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1719 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1720 : Ian Beer of Google Project Zero\nCVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend\nMicro\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nlibxslt\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nMessages\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nSecurity\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nsyslog\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs\n\nTrueTypeScaler\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1723 : Apple\nCVE-2016-1724 : Apple\nCVE-2016-1725 : Apple\nCVE-2016-1726 : Apple\nCVE-2016-1727 : Apple\n\nWi-Fi\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6\nCHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9\n+bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt\nxLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu\nArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb\n5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why\noB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4\n5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+\n7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9\nMGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj\nnmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b\n82FzLX2fEJg5XYLhXQrg\n=lORW\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05158380\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05158380\nVersion: 1\n\nHPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Cross-Site Request Forgery (CSRF), Remote\nArbitrary Code Execution, Code Execution, Cross-Site Scripting (XSS), Denial\nof Service (DoS), Disclosure of Sensitive Information, Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HPE\nInsight Control (IC) on Windows which could be exploited remotely resulting\nin Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS),\nExecution of Arbitrary code, Disclosure of Sensitive Information,Remote Code\nExecution and locally resulting in Cross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nSystem Management Homepage Prior to 7.5.5\nHP Systems Insight Manager (HP SIM), Prior to 7.5.1\nHP Insight Control Prior to 7.5.1\nHPE Version Control Repository Manager Prior to 7.5.1\nHPE Server Migration Pack Prior to 7.5.1\nHP Insight Control server provisioning Prior to 7.5.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4969 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-3195 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-3237 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2015-6565 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2015-7501 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-7995 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-8035 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2016-0705 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-0728 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-2015 (AV:L/AC:H/Au:S/C:C/I:C/A:N) 5.5\nCVE-2016-2017 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5\nCVE-2016-2018 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2016-2019 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9\nCVE-2016-2020 (AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2\nCVE-2016-2021 (AV:L/AC:L/Au:M/C:C/I:C/A:N) 5.9\nCVE-2016-2022 (AV:N/AC:H/Au:M/C:P/I:P/A:N) 3.2\nCVE-2016-2024 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2016-2030 (AV:N/AC:L/Au:S/C:P/I:P/A:N) 5.5\nCVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has released the following software updates to resolve these\nvulnerabilities in HPE Insight Control. The HPE Insight Control 7.5.1 Update\nkit applicable to HPE Insight Control 7.5.x installations is available at the\nfollowing location:\n\nhttp://www.hpe.com/info/insightcontrol\n\nHPE has addressed these vulnerabilities for the impacted software components\nbundled with HPE Insight Control in the following HPE Security Bulletins:\n\nHPE Systems Insight Manager (SIM) (HPE Security Bulletin: HPSBMU03590)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131085\n\nHPE System Management Homepage (SMH) (HPE Security Bulletin: HPSBMU03593)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05111017\n\nVersion Control Repository Manager (VCRM) (HPE Security Bulletin:\nHPSBMU03589)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05131044\n\nHPE Server Migration Pack(SMP) (HPE Security Bulletin: HPSBMU03591)\n\nhttp://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05130958\n\nHPE Insight Control server provisioning (HPE Security Bulletin: HPSBMU03600)\n\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\nna-c05150736\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. ==========================================================================\nUbuntu Security Notice USN-3271-1\nApril 28, 2017\n\nlibxslt vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Libxslt. \n\nSoftware Description:\n- libxslt: XSLT processing library\n\nDetails:\n\nHolger Fuhrmannek discovered an integer overflow in the\nxsltAddTextString() function in Libxslt. An attacker could use\nthis to craft a malicious document that, when opened, could cause a\ndenial of service (application crash) or possible execute arbitrary\ncode. (CVE-2017-5029)\n\nNicolas Gregoire discovered that Libxslt mishandled namespace\nnodes. An attacker could use this to craft a malicious document that,\nwhen opened, could cause a denial of service (application crash)\nor possibly execute arbtrary code. This issue only affected Ubuntu\n16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)\n\nSebastian Apelt discovered that a use-after-error existed in the\nxsltDocumentFunctionLoadDocument() function in Libxslt. An attacker\ncould use this to craft a malicious document that, when opened,\ncould cause a denial of service (application crash) or possibly\nexecute arbitrary code. This issue only affected Ubuntu 16.04 LTS,\nUbuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)\n\nIt was discovered that a type confusion error existed in the\nxsltStylePreCompute() function in Libxslt. An attacker could use this\nto craft a malicious XML file that, when opened, caused a denial of\nservice (application crash). This issue only affected Ubuntu 14.04\nLTS and Ubuntu 12.04 LTS. (CVE-2015-7995)\n\nNicolas Gregoire discovered the Libxslt mishandled the \u0027i\u0027 and \u0027a\u0027\nformat tokens for xsl:number data. An attacker could use this to\ncraft a malicious document that, when opened, could cause a denial of\nservice (application crash). This issue only affected Ubuntu 16.04 LTS,\nUbuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)\n\nIt was discovered that the xsltFormatNumberConversion() function\nin Libxslt did not properly handle empty decimal separators. An\nattacker could use this to craft a malicious document that, when\nopened, could cause a denial of service (application crash). This\nissue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS,\nand Ubuntu 12.04 LTS. (CVE-2016-4738)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libxslt1.1 1.1.29-2ubuntu0.1\n\nUbuntu 16.10:\n libxslt1.1 1.1.29-1ubuntu0.1\n\nUbuntu 16.04 LTS:\n libxslt1.1 1.1.28-2.1ubuntu0.1\n\nUbuntu 14.04 LTS:\n libxslt1.1 1.1.28-2ubuntu0.1\n\nUbuntu 12.04 LTS:\n libxslt1.1 1.1.26-8ubuntu1.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3271-1\n CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841,\n CVE-2016-4738, CVE-2017-5029\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4\n\n. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nOSA Scripts\nAvailable for: OS X El Capitan v10.11 to v10.11.2\nImpact: A quarantined application may be able to override OSA script\nlibraries installed by the user\nDescription: An issue existed when searching for scripting\nlibraries. \nCVE-ID\nCVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix\n\nWebSheet\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious captive portal may be able to access the user\u0027s\ncookies\nDescription: An issue existed that allowed some captive portals to\nread or write cookies. The issue was addressed through an isolated\ncookie store for all captive portals",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "VULHUB",
"id": "VHN-85956"
},
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "PACKETSTORM",
"id": "137546"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "142342"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135325"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85956",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85956"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7995",
"trust": 3.2
},
{
"db": "SECTRACK",
"id": "1038623",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1034736",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/10/28/4",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/10/27/10",
"trust": 1.8
},
{
"db": "BID",
"id": "77325",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU90405245",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "135326",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135325",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137546",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142342",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "137223",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135385",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85956",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7995",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136343",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137292",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85956"
},
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "PACKETSTORM",
"id": "137546"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "142342"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"id": "VAR-201511-0027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85956"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:12:31.080000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2016-01-25-1 tvOS 9.1.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html"
},
{
"title": "APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html"
},
{
"title": "APPLE-SA-2016-01-19-1 iOS 9.2.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html"
},
{
"title": "APPLE-SA-2016-03-21-2 watchOS 2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"title": "HT205729",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205729"
},
{
"title": "HT205731",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205731"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206168"
},
{
"title": "HT205732",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205732"
},
{
"title": "HT205729",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht205729"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht206168"
},
{
"title": "HT205731",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht205731"
},
{
"title": "HT205732",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht205732"
},
{
"title": "Fix for type confusion in preprocessing attributes",
"trust": 0.8,
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"title": "HPSBMU03612",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
},
{
"title": "Bug 1257962",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://xmlsoft.org/"
},
{
"title": "Libxslt\u0027libxslt/preproc.c\u0027 Remediation measures for remote denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58552"
},
{
"title": "Red Hat: CVE-2015-7995",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7995"
},
{
"title": "Debian Security Advisories: DSA-3605-1 libxslt -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bd3ce27c06b565581692d3fbcb1b22b7"
},
{
"title": "Debian CVElist Bug Report Logs: libxslt: CVE-2015-7995: Type confusion may cause DoS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cada68d7a350396a03fdabefd56361ea"
},
{
"title": "Ubuntu Security Notice: libxslt vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3271-1"
},
{
"title": "Apple: OS X El Capitan 10.11.3 and Security Update 2016-001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=26c74e7f50c7020e38a379f8b41822d1"
},
{
"title": "Apple: tvOS 9.1.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=4ced8cf78124c311ca07c6fa1e52a814"
},
{
"title": "Apple: iOS 9.2.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=2496c641ca758f2cd6e8f21dfba0ed06"
},
{
"title": "Apple: watchOS 2.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0cbe3084baf2e465ecd2cc68ad686a9a"
},
{
"title": "Apple: Apple TV 7.2.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=7fd0c8e5493266a37a14d1b8b5c5ece7"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
},
{
"title": "Splunk Security Announcements: Splunk Enterprise 6.3.3.4, 6.2.9. 6.1.10, 6.0.11, and 5.0.15 and Splunk Light 6.3.3.4 and 6.2.9 address multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=2cb6c312457a6c5231992bd75afc3fcb"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014June 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=f9fbdf3aea1fd17035e18f77d6530ab1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/77325"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962"
},
{
"trust": 1.8,
"url": "https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617"
},
{
"trust": 1.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
},
{
"trust": 1.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.8,
"url": "https://puppet.com/security/cve/cve-2015-7995"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht205729"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht205731"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht205732"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206168"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2016/dsa-3605"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2015/10/27/10"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2015/10/28/4"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1034736"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1038623"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html"
},
{
"trust": 1.7,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.386546"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7995"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90405245/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7995"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.3,
"url": "https://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1722"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1717"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1725"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1727"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1726"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1724"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1723"
},
{
"trust": 0.1,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.386546"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-7995"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3271-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43118"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/info/insightcontrol"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5029"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4738"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3271-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1728"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85956"
},
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "PACKETSTORM",
"id": "137546"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "142342"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85956"
},
{
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"db": "PACKETSTORM",
"id": "137546"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "PACKETSTORM",
"id": "142342"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-17T00:00:00",
"db": "VULHUB",
"id": "VHN-85956"
},
{
"date": "2015-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"date": "2015-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"date": "2016-06-21T00:21:23",
"db": "PACKETSTORM",
"id": "137546"
},
{
"date": "2016-03-22T15:09:54",
"db": "PACKETSTORM",
"id": "136343"
},
{
"date": "2016-06-02T19:12:12",
"db": "PACKETSTORM",
"id": "137292"
},
{
"date": "2017-04-27T23:24:00",
"db": "PACKETSTORM",
"id": "142342"
},
{
"date": "2016-01-20T16:54:51",
"db": "PACKETSTORM",
"id": "135326"
},
{
"date": "2016-01-20T16:51:56",
"db": "PACKETSTORM",
"id": "135325"
},
{
"date": "2015-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"date": "2015-11-17T15:59:16.287000",
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-85956"
},
{
"date": "2019-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7995"
},
{
"date": "2016-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005957"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-024"
},
{
"date": "2019-03-08T16:06:36.980000",
"db": "NVD",
"id": "CVE-2015-7995"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "137292"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt of preproc.c of xsltStylePreCompute Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005957"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-024"
}
],
"trust": 0.6
}
}
var-201104-0256
Vulnerability from variot
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. libxslt is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) and BID 46785 (Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities) but has been moved to its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03280632 Version: 1
HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-04-16 Last Updated: 2012-04-16
Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities.
References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2011-4317, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com.
RESOLUTION
HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities.
SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html
HISTORY Version:1 (rev.1) 16 April 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk+MKDYACgkQ4B86/C0qfVkIIgCeIhDxobSe39v5hyk0GRrO6Zaw OHIAoMmRE1imNBs6CtS/6/l1kZY3fwop =hsl/ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
Safari 5.1 and Safari 5.0.6 are now available and address the following:
CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content. CVE-ID CVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security
CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Authenticating to a maliciously crafted website may lead to arbitrary code execution Description: The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems. CVE-ID CVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research
CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: A root certificate that is disabled may still be trusted Description: CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0214 : An anonymous reporter
ColorSync Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution Description: An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0201 : Harry Sintonen
CoreGraphics Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team
International Components for Unicode Available for: Windows 7, Vista, XP SP2 or later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ICU's handling of uppercase strings. Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. CVE-ID CVE-2011-0206 : David Bienvenu of Mozilla
ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure
ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A reentrancy issue existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems. CVE-ID CVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP
ImageIO Available for: Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0204 : Dominic Chell of NGS Secure
libxslt Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap Description: libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004. CVE-ID CVE-2011-0195 : Chris Evans of the Google Chrome Security Team
libxml Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A one-byte heap buffer overflow existed in libxml's handling of XML data. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0216 : Billy Rios of the Google Security Team
Safari Available for: Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: If the "AutoFill web forms" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book Description: Safari's "AutoFill web forms" feature filled in non- visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form. CVE-ID CVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah Grossman]
Safari Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites Description: A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process. CVE-ID CVE-2011-0219 : Joshua Smith of Kaon Interactive
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd CVE-2011-0164 : Apple CVE-2011-0218 : SkyLined of Google Chrome Security Team CVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative CVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-0234 : Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative, wushi of team509 working with iDefense VCP CVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-0237 : wushi of team509 working with iDefense VCP CVE-2011-0238 : Adam Barth of Google Chrome Security Team CVE-2011-0240 : wushi of team509 working with iDefense VCP CVE-2011-0253 : Richard Keen CVE-2011-0254 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0255 : An anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc CVE-2011-0983 : Martin Barbella CVE-2011-1109 : Sergey Glazunov CVE-2011-1114 : Martin Barbella CVE-2011-1115 : Martin Barbella CVE-2011-1117 : wushi of team509 CVE-2011-1121 : miaubiz CVE-2011-1188 : Martin Barbella CVE-2011-1203 : Sergey Glazunov CVE-2011-1204 : Sergey Glazunov CVE-2011-1288 : Andreas Kling of Nokia CVE-2011-1293 : Sergey Glazunov CVE-2011-1296 : Sergey Glazunov CVE-2011-1449 : Marek Majkowski, wushi of team 509 working with iDefense VCP CVE-2011-1451 : Sergey Glazunov CVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day Initiative CVE-2011-1457 : John Knottenbelt of Google CVE-2011-1462 : wushi of team509 CVE-2011-1797 : wushi of team509
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A configuration issue existed in WebKit's use of libxslt. Visiting a maliciously crafted website may lead to arbitrary files being created with the privileges of the user, which may lead to arbitrary code execution. This issue is addressed through improved libxslt security settings. CVE-ID CVE-2011-1774 : Nicolas Gregoire of Agarri
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: A cross-origin issue existed in the handling of Web Workers. Visiting a maliciously crafted website may lead to an information disclosure. CVE-ID CVE-2011-1190 : Daniel Divricean of divricean.ro
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of URLs with an embedded username. Visiting a maliciously crafted website may lead to a cross-site scripting attack. This issue is addressed through improved handling of URLs with an embedded username. CVE-ID CVE-2011-0242 : Jobert Abma of Online24
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-origin issue existed in the handling of DOM nodes. Visiting a maliciously crafted website may lead to a cross- site scripting attack. CVE-ID CVE-2011-1295 : Sergey Glazunov
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to cause a different URL to be shown in the address bar Description: A URL spoofing issue existed in the handling of the DOM history object. A maliciously crafted website may have been able to cause a different URL to be shown in the address bar. CVE-ID CVE-2011-1107 : Jordi Chancel
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure Description: A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs. CVE-ID CVE-2011-0244 : Jason Hullinger
WebKit Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later Impact: Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content Description: DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such a s mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching. CVE-ID CVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd.
Note: Safari 5.1 is included with OS X Lion.
Safari 5.1 and Safari 5.0.6 address the same set of security issues. Safari 5.1 is provided for Mac OS X v10.6, and Windows systems. Safari 5.0.6 is provided for Mac OS X v10.5 systems.
Safari 5.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/
Safari 5.0.6 is available via the Apple Software Update application, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Safari for Mac OS X v10.6.8 and later The download file is named: Safari5.1SnowLeopard.dmg Its SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24
Safari for Mac OS X v10.5.8 The download file is named: Safari5.0.6Leopard.dmg Its SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f
Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36
Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b
Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw up9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD MeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY nKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb vesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/ KD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ= =fOfF -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210
TITLE: Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44207
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44207
RELEASE DATE: 2011-04-16
DISCUSS ADVISORY: http://secunia.com/advisories/44207/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44207/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44207
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Some vulnerabilities has been reported in Apple iOS, which can be exploited by malicious people to disclose system information and compromise a vulnerable device.
For more information: SA43832
SOLUTION: Upgrade to iOS 4.3.2 (downloadable and installable via iTunes).
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4606
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201104-0256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.0 to 4.3.1 (iphone 3gs after )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 to 4.3.1 (ipod touch (3rd generation) after )"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 to 4.3.1 (ipad for )"
},
{
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.17"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.539.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.0"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.530.0"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.19"
},
{
"model": "freeflow print server 81.d0.73",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.18"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.10"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.20"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.14"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.27"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.7"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.518.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.38"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.23"
},
{
"model": "freeflow print server 90.d3.06",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "one-x client enablement service",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.37"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.26"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.17"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.13"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.0.33"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.512.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "seamonkey beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.02"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.537.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.513.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.23"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.506.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.18"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.26"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.4"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.521.0"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.520.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.528.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.35"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.31"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.10"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.498.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.515.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.34"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.14"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.13"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.2"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.24"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.33"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.22"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.12"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.16"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.42"
},
{
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"model": "seamonkey rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.63"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "freeflow print server 82.d1.44",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.516.0"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.522.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.8"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.20"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "voice portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.0.15"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.28"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.30"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"model": "freeflow print server 93.c4.93",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.544.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.21"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.21"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.12"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.4"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "seamonkey beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.540.0"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.14"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.542.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.510.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "firefox beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.2"
},
{
"model": "safari for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.9"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.13"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.509.0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.40"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.03"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.29"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "freeflow print server 93.e0.21c",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.19"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.1"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.541.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.524.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.16"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "seamonkey rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.526.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.505.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.497.0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.02"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.548.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.525.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "xmlsoft",
"version": "1.1.18"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "seamonkey alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.01"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.43"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.504.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "safari for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.41"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "freeflow print server 73.d2.33",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.3"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.538.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.519.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "47668"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0195"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Evans",
"sources": [
{
"db": "BID",
"id": "47668"
}
],
"trust": 0.3
},
"cve": "CVE-2011-0195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-0195",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-48140",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0195",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201104-159",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-48140",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. libxslt is prone to a remote information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may aid in further attacks. \nNOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) and BID 46785 (Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities) but has been moved to its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03280632\nVersion: 1\n\nHPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2012-04-16\nLast Updated: 2012-04-16\n\nPotential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. \n\nReferences: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2011-4317, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.0 running on Linux and Windows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5\nCVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nThe Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com. \n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. \n\nSMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html\n\nHISTORY\nVersion:1 (rev.1) 16 April 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk+MKDYACgkQ4B86/C0qfVkIIgCeIhDxobSe39v5hyk0GRrO6Zaw\nOHIAoMmRE1imNBs6CtS/6/l1kZY3fwop\n=hsl/\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6\n\nSafari 5.1 and Safari 5.0.6 are now available and address the\nfollowing:\n\nCFNetwork\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: In certain situations, Safari may treat a file as HTML,\neven if it is served with the \u0027text/plain\u0027 content type. This may\nlead to a cross-site scripting attack on sites that allow untrusted\nusers to post text files. This issue is addressed through improved\nhandling of \u0027text/plain\u0027 content. \nCVE-ID\nCVE-2010-1420 : Hidetake Jo working with Microsoft Vulnerability\nResearch (MSVR), Neal Poole of Matasano Security\n\nCFNetwork\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Authenticating to a maliciously crafted website may lead to\narbitrary code execution\nDescription: The NTLM authentication protocol is susceptible to a\nreplay attack referred to as credential reflection. Authenticating to\na maliciously crafted website may lead to arbitrary code execution. \nTo mitigate this issue, Safari has been updated to utilize protection\nmechanisms recently added to Windows. This issue does not affect Mac\nOS X systems. \nCVE-ID\nCVE-2010-1383 : Takehiro Takahashi of IBM X-Force Research\n\nCFNetwork\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: A root certificate that is disabled may still be trusted\nDescription: CFNetwork did not properly validate that a certificate\nwas trusted for use by a SSL server. As a result, if the user had\nmarked a system root certificate as not trusted, Safari would still\naccept certificates signed by that root. This issue is addressed\nthrough improved certificate validation. This issue does not affect\nMac OS X systems. \nCVE-ID\nCVE-2011-0214 : An anonymous reporter\n\nColorSync\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription: An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. Opening a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.5 systems, this issue\nis addressed in Security Update 2011-004. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreFoundation\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Applications that use the CoreFoundation framework may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An off-by-one buffer overflow issue existed in the\nhandling of CFStrings. Applications that use the CoreFoundation\nframework may be vulnerable to an unexpected application termination\nor arbitrary code execution. For Mac OS X v10.6 systems, this issue\nis addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0201 : Harry Sintonen\n\nCoreGraphics\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in the handling of\nType 1 fonts. Viewing or downloading a document containing a\nmaliciously crafted embedded font may lead to arbitrary code\nexecution. For Mac OS X v10.6 systems, this issue is addressed in Mac\nOS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in\nSecurity Update 2011-004. \nCVE-ID\nCVE-2011-0202 : Cristian Draghici of Modulo Consulting, Felix Grobert\nof the Google Security Team\n\nInternational Components for Unicode\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A buffer overflow issue existed in ICU\u0027s handling of\nuppercase strings. Applications that use ICU may be vulnerable to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nCVE-ID\nCVE-2011-0206 : David Bienvenu of Mozilla\n\nImageIO\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nImageIO\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF\nimage may lead to an unexpected application termination or arbitrary\ncode execution. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A reentrancy issue existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. This\nissue does not affect Mac OS X systems. \nCVE-ID\nCVE-2011-0215 : Juan Pablo Lopez Yacubian working with iDefense VCP\n\nImageIO\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in ImageIO\u0027s handling of\nTIFF images. Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution. For\nMac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. \nFor Mac OS X v10.5 systems, this issue is addressed in Security\nUpdate 2011-004. \nCVE-ID\nCVE-2011-0204 : Dominic Chell of NGS Secure\n\nlibxslt\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of addresses on the heap\nDescription: libxslt\u0027s implementation of the generate-id() XPath\nfunction disclosed the address of a heap buffer. Visiting a\nmaliciously crafted website may lead to the disclosure of addresses\non the heap. This issue is addressed by generating an ID based on the\ndifference between the addresses of two heap buffers. For Mac OS X\nv10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac\nOS X v10.5 systems, this issue is addressed in Security Update\n2011-004. \nCVE-ID\nCVE-2011-0195 : Chris Evans of the Google Chrome Security Team\n\nlibxml\nAvailable for: Windows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A one-byte heap buffer overflow existed in libxml\u0027s\nhandling of XML data. Visiting a maliciously crafted website may lead\nto an unexpected application termination or arbitrary code execution. \nCVE-ID\nCVE-2011-0216 : Billy Rios of the Google Security Team\n\nSafari\nAvailable for: Mac OS X v10.6.8 or later,\nMac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later\nImpact: If the \"AutoFill web forms\" feature is enabled, visiting a\nmaliciously crafted website and typing may lead to the disclosure of\ninformation from the user\u0027s Address Book\nDescription: Safari\u0027s \"AutoFill web forms\" feature filled in non-\nvisible form fields, and the information was accessible by scripts on\nthe site before the user submitted the form. This issue is addressed\nby displaying all fields that will be filled, and requiring the\nuser\u0027s consent before AutoFill information is available to the form. \nCVE-ID\nCVE-2011-0217 : Florian Rienhardt of BSI, Alex Lambert, [Jeremiah\nGrossman]\n\nSafari\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: With a certain Java configuration, visiting a malicious\nwebsite may lead to unexpected text being displayed on other sites\nDescription: A cross origin issue existed in the handling of Java\nApplets. This applies when Java is enabled in Safari, and Java is\nconfigured to run within the browser process. Fonts loaded by a Java\napplet could affect the display of text content from other sites. \nThis issue is addressed by running Java applets in a separate\nprocess. \nCVE-ID\nCVE-2011-0219 : Joshua Smith of Kaon Interactive\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nVisiting a maliciously crafted website may lead to an unexpected\napplication termination or arbitrary code execution. \nCVE-ID\nCVE-2010-1823 : David Weston of Microsoft and Microsoft Vulnerability\nResearch (MSVR), wushi of team509, and Yong Li of Research In Motion\nLtd\nCVE-2011-0164 : Apple\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0223 : Jose A. Vazquez of spa-s3c.blogspot.com working with\niDefense VCP\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0232 : J23 working with TippingPoint\u0027s Zero Day Initiative\nCVE-2011-0233 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-0234 : Rob King working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative, wushi of team509 working with iDefense VCP\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\nTeam\nCVE-2011-0237 : wushi of team509 working with iDefense VCP\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\nCVE-2011-0240 : wushi of team509 working with iDefense VCP\nCVE-2011-0253 : Richard Keen\nCVE-2011-0254 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0255 : An anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\nCVE-2011-0983 : Martin Barbella\nCVE-2011-1109 : Sergey Glazunov\nCVE-2011-1114 : Martin Barbella\nCVE-2011-1115 : Martin Barbella\nCVE-2011-1117 : wushi of team509\nCVE-2011-1121 : miaubiz\nCVE-2011-1188 : Martin Barbella\nCVE-2011-1203 : Sergey Glazunov\nCVE-2011-1204 : Sergey Glazunov\nCVE-2011-1288 : Andreas Kling of Nokia\nCVE-2011-1293 : Sergey Glazunov\nCVE-2011-1296 : Sergey Glazunov\nCVE-2011-1449 : Marek Majkowski, wushi of team 509 working with\niDefense VCP\nCVE-2011-1451 : Sergey Glazunov\nCVE-2011-1453 : wushi of team509 working with TippingPoint\u0027s Zero Day\nInitiative\nCVE-2011-1457 : John Knottenbelt of Google\nCVE-2011-1462 : wushi of team509\nCVE-2011-1797 : wushi of team509\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A configuration issue existed in WebKit\u0027s use of\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\nfiles being created with the privileges of the user, which may lead\nto arbitrary code execution. This issue is addressed through improved\nlibxslt security settings. \nCVE-ID\nCVE-2011-1774 : Nicolas Gregoire of Agarri\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to an\ninformation disclosure\nDescription: A cross-origin issue existed in the handling of Web\nWorkers. Visiting a maliciously crafted website may lead to an\ninformation disclosure. \nCVE-ID\nCVE-2011-1190 : Daniel Divricean of divricean.ro\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-origin issue existed in the handling of URLs\nwith an embedded username. Visiting a maliciously crafted website may\nlead to a cross-site scripting attack. This issue is addressed\nthrough improved handling of URLs with an embedded username. \nCVE-ID\nCVE-2011-0242 : Jobert Abma of Online24\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-origin issue existed in the handling of DOM\nnodes. Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack. \nCVE-ID\nCVE-2011-1295 : Sergey Glazunov\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: A maliciously crafted website may be able to cause a\ndifferent URL to be shown in the address bar\nDescription: A URL spoofing issue existed in the handling of the DOM\nhistory object. A maliciously crafted website may have been able to\ncause a different URL to be shown in the address bar. \nCVE-ID\nCVE-2011-1107 : Jordi Chancel\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Subscribing to a maliciously crafted RSS feed and clicking\non a link within it may lead to an information disclosure\nDescription: A canonicalization issue existed in the handling of\nURLs. Subscribing to a maliciously crafted RSS feed and clicking on a\nlink within it may lead to arbitrary files being sent from the user\u0027s\nsystem to a remote server. This update addresses the issue through\nimproved handling of URLs. \nCVE-ID\nCVE-2011-0244 : Jason Hullinger\n\nWebKit\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\nMac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later,\nWindows 7, Vista, XP SP2 or later\nImpact: Applications that use WebKit, such as mail clients, may\nconnect to an arbitrary DNS server upon processing HTML content\nDescription: DNS prefetching was enabled by default in WebKit. \nApplications that use WebKit, such a s mail clients, may connect to\nan arbitrary DNS server upon processing HTML content. This update\naddresses the issue by requiring applications to opt in to DNS\nprefetching. \nCVE-ID\nCVE-2010-3829 : Mike Cardwell of Cardwell IT Ltd. \n\n\nNote: Safari 5.1 is included with OS X Lion. \n\n\nSafari 5.1 and Safari 5.0.6 address the same set of security\nissues. Safari 5.1 is provided for Mac OS X v10.6,\nand Windows systems. Safari 5.0.6 is provided for\nMac OS X v10.5 systems. \n\nSafari 5.1 is available via the Apple Software Update\napplication, or Apple\u0027s Safari download site at:\nhttp://www.apple.com/safari/download/\n\nSafari 5.0.6 is available via the Apple Software Update\napplication, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nSafari for Mac OS X v10.6.8 and later\nThe download file is named: Safari5.1SnowLeopard.dmg\nIts SHA-1 digest is: 2c3cef8e06c5aa586379b1a5fd5cf7b54e8acc24\n\nSafari for Mac OS X v10.5.8\nThe download file is named: Safari5.0.6Leopard.dmg\nIts SHA-1 digest is: ea970375d2116a7b74094a2a7669bebc306b6e6f\n\nSafari for Windows 7, Vista or XP\nThe download file is named: SafariSetup.exe\nIts SHA-1 digest is: d00b791c694b1ecfc22d6a1ec9aa21cc14fd8e36\n\nSafari for Windows 7, Vista or XP from the Microsoft Choice Screen\nThe download file is named: Safari_Setup.exe\nIts SHA-1 digest is: ccb3bb6b06468a430171d9f62708a1a6d917f45b\n\nSafari+QuickTime for Windows 7, Vista or XP\nThe file is named: SafariQuickTimeSetup.exe\nIts SHA-1 digest is: 1273e0ee742a294d65e4f25a9b3e36f79fb517c9\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (Darwin)\n\niQEcBAEBAgAGBQJOJI45AAoJEGnF2JsdZQeezHQIALKZms5tzYgYxUSdxmo+DmYw\nup9gAmEVcltZvCeVS1lUxfjqnRiGRSWyuou8Ynt9PfGQCz9GfLvzlrCHc5rsnKaD\nMeYY1IH7lQc6aqmV0hwb4nUL5qJntP6G5Ai0E/0UiRQNC/ummS+qnmdsiFo78ODY\nnKaB5cAWhqGHgOAPnUG0JwmxpYgR2HEtGYJSqlYykMwt1vnlAr5hHVNaUJcJ3Hlb\nvesN6fB7zQMiJVo8+iJBixCvIYlbII5HnVAmD1ToyKgENg4Iguo46YBMVr8DPgF/\nKD2s0+VF/O4utYVX0GiRGReVyq1PMvz/HI23ym8U3LjbezXD/AALQET0Q2hUEYQ=\n=fOfF\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nA step-by-step discussion of the latest Flash Player 0-day exploit:\nhttp://secunia.com/blog/210\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApple iOS Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44207\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44207/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44207\n\nRELEASE DATE:\n2011-04-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44207/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44207/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44207\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome vulnerabilities has been reported in Apple iOS, which can be\nexploited by malicious people to disclose system information and\ncompromise a vulnerable device. \n\nFor more information:\nSA43832\n\nSOLUTION:\nUpgrade to iOS 4.3.2 (downloadable and installable via iTunes). \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4606\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "BID",
"id": "47668"
},
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "PACKETSTORM",
"id": "111915"
},
{
"db": "PACKETSTORM",
"id": "103216"
},
{
"db": "PACKETSTORM",
"id": "112043"
},
{
"db": "PACKETSTORM",
"id": "100492"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0195",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1025365",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "44207",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2011-04-14-1",
"trust": 0.6
},
{
"db": "BID",
"id": "47668",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-48140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111915",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "103216",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112043",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100492",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "BID",
"id": "47668"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "PACKETSTORM",
"id": "111915"
},
{
"db": "PACKETSTORM",
"id": "103216"
},
{
"db": "PACKETSTORM",
"id": "112043"
},
{
"db": "PACKETSTORM",
"id": "100492"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"id": "VAR-201104-0256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48140"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:25:13.491000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4606",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4606"
},
{
"title": "HT4723",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4723"
},
{
"title": "HT4808",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4808"
},
{
"title": "HT4606",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4606?viewlocale=ja_jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1025365"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2011//apr/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4723"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht4808"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0195"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu976710"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu781747"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu805814"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0195"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/44207"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
},
{
"trust": 0.3,
"url": "http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f"
},
{
"trust": 0.3,
"url": "http://www.google.com/chrome"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windows/ie/"
},
{
"trust": 0.3,
"url": "http://xmlsoft.org/xslt/"
},
{
"trust": 0.3,
"url": "http://www.mozilla.com/en-us/"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-18.html"
},
{
"trust": 0.3,
"url": "http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html"
},
{
"trust": 0.3,
"url": "http://www.mozilla.org/projects/seamonkey/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100144158"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100167733"
},
{
"trust": 0.3,
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/en/support/security/advisories/?dis=2010.1\u0026name=mdvsa-2011:079"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2013-0001.html"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/10be6-4f72fbafb1868/cert_xrx14-002_v1.0.pdf"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0195"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1623"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4409"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1468"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1467"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1471"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1470"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
},
{
"trust": 0.2,
"url": "http://h18000.www1.hp.com/products/servers/management/agents/index.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1928"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3436"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0037"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0240"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0238"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0233"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0202"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0164"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1823"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44207"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44207/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44207/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/210"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht4606"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "BID",
"id": "47668"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "PACKETSTORM",
"id": "111915"
},
{
"db": "PACKETSTORM",
"id": "103216"
},
{
"db": "PACKETSTORM",
"id": "112043"
},
{
"db": "PACKETSTORM",
"id": "100492"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-48140"
},
{
"db": "BID",
"id": "47668"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"db": "PACKETSTORM",
"id": "111915"
},
{
"db": "PACKETSTORM",
"id": "103216"
},
{
"db": "PACKETSTORM",
"id": "112043"
},
{
"db": "PACKETSTORM",
"id": "100492"
},
{
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-48140"
},
{
"date": "2011-03-08T00:00:00",
"db": "BID",
"id": "47668"
},
{
"date": "2011-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"date": "2012-04-17T20:34:39",
"db": "PACKETSTORM",
"id": "111915"
},
{
"date": "2011-07-21T14:16:35",
"db": "PACKETSTORM",
"id": "103216"
},
{
"date": "2012-04-20T20:15:33",
"db": "PACKETSTORM",
"id": "112043"
},
{
"date": "2011-04-17T06:25:10",
"db": "PACKETSTORM",
"id": "100492"
},
{
"date": "2011-04-15T19:55:00.653000",
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"date": "2011-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-48140"
},
{
"date": "2015-04-13T21:25:00",
"db": "BID",
"id": "47668"
},
{
"date": "2011-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001529"
},
{
"date": "2011-07-23T02:39:11.990000",
"db": "NVD",
"id": "CVE-2011-0195"
},
{
"date": "2011-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of generate-id XPath Vulnerabilities that capture important information on functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001529"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201104-159"
}
],
"trust": 0.6
}
}
var-201607-0351
Vulnerability from variot
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4609 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libxslt",
"scope": null,
"trust": 1.4,
"vendor": "xmlsoft",
"version": null
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "libxslt",
"scope": "lte",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.28"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 and later"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.2 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.28",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.6",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4608"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4608",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4608",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93427",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4608",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4608",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-869",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93427",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4609 , CVE-2016-4610 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx\nhvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj\nuS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV\n5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1\nlC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S\nCVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1\nH+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6\nSeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo\n4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ\nitACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr\nf9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg\n/esomms9/qUSQyOF2huK\n=zqBF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4608",
"trust": 3.2
},
{
"db": "BID",
"id": "91826",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036348",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137963",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"id": "VAR-201607-0351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93427"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:45:39.048000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206903"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "libxslt",
"trust": 0.8,
"url": "http://xmlsoft.org/libxslt/index.html"
},
{
"title": "Multiple Apple Product memory corruption vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63229"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/91826"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206899"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206901"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206904"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036348"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4608"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4608"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.4,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.4,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.2,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93427"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93427"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"date": "2016-07-19T20:07:49",
"db": "PACKETSTORM",
"id": "137963"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-19T20:00:50",
"db": "PACKETSTORM",
"id": "137960"
},
{
"date": "2016-07-22T02:59:31.523000",
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-93427"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004035"
},
{
"date": "2023-11-07T02:32:41.523000",
"db": "NVD",
"id": "CVE-2016-4608"
},
{
"date": "2019-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxslt Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004035"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-869"
}
],
"trust": 0.6
}
}
var-201607-0354
Vulnerability from variot
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. plural Apple Product libxslt There is a service disruption ( Memory corruption ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4609 ,and CVE-2016-4610 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libxslt",
"scope": null,
"trust": 1.4,
"vendor": "xmlsoft",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 and later"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.2 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:xmlsoft:libxslt",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4612",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4612",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4612",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4612",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-872",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. plural Apple Product libxslt There is a service disruption ( Memory corruption ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4609 ,and CVE-2016-4610 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx\nhvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj\nuS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV\n5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1\nlC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S\nCVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1\nH+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6\nSeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo\n4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ\nitACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr\nf9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg\n/esomms9/qUSQyOF2huK\n=zqBF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4612"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "VULHUB",
"id": "VHN-93431"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4612",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872",
"trust": 0.7
},
{
"db": "BID",
"id": "91826",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93431",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137963",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93431"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4612"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"id": "VAR-201607-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93431"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:09:33.301000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206903"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "libxslt",
"trust": 0.8,
"url": "http://xmlsoft.org/libxslt/index.html"
},
{
"title": "Multiple Apple Product denial of service vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63232"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4612"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4612"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206899"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206904"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206901"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"trust": 0.6,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"trust": 0.4,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.4,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.2,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
}
],
"sources": [
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93431"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4612"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93431"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"date": "2016-07-19T20:07:49",
"db": "PACKETSTORM",
"id": "137963"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-19T20:00:50",
"db": "PACKETSTORM",
"id": "137960"
},
{
"date": "2016-07-22T02:59:35.397000",
"db": "NVD",
"id": "CVE-2016-4612"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-93431"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004038"
},
{
"date": "2023-11-07T02:32:41.863000",
"db": "NVD",
"id": "CVE-2016-4612"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxslt Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004038"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-872"
}
],
"trust": 0.6
}
}
var-201607-0353
Vulnerability from variot
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4609 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libxslt",
"scope": null,
"trust": 1.4,
"vendor": "xmlsoft",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "libxslt",
"scope": "lt",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.29"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 and later"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9.5"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.2.1 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.4.2 (windows 7 or later )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2.2 (apple watch)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.11.6",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.2",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 0.4
},
"cve": "CVE-2016-4610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4610",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93429",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4610",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4610",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-871",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93429",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-4610",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. This vulnerability CVE-2016-4607 , CVE-2016-4608 , CVE-2016-4609 ,and CVE-2016-4612 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxslt is an XSLT (XML language for defining XML transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx\nhvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj\nuS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV\n5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1\nlC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S\nCVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1\nH+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6\nSeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo\n4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ\nitACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr\nf9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg\n/esomms9/qUSQyOF2huK\n=zqBF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4610",
"trust": 3.3
},
{
"db": "BID",
"id": "91826",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036348",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2737",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93429",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137963",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"id": "VAR-201607-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93429"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:03:32.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"title": "APPLE-SA-2016-07-18-6 iTunes 12.4.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206903"
},
{
"title": "HT206899",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206899"
},
{
"title": "HT206901",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206901"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "HT206903",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206903"
},
{
"title": "HT206904",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206904"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "libxslt",
"trust": 0.8,
"url": "http://xmlsoft.org/libxslt/index.html"
},
{
"title": "Multiple Apple Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63231"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/91826"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206899"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206901"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206903"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206904"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036348"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4610"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4610"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sk4yniss22mjy22yx5i6v2u63qzaueha/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2737/"
},
{
"trust": 0.4,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.4,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.2,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93429"
},
{
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"db": "BID",
"id": "91826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"db": "PACKETSTORM",
"id": "137963"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "PACKETSTORM",
"id": "137960"
},
{
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93429"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"date": "2016-07-19T20:07:49",
"db": "PACKETSTORM",
"id": "137963"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-19T20:00:50",
"db": "PACKETSTORM",
"id": "137960"
},
{
"date": "2016-07-22T02:59:34.180000",
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-93429"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4610"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91826"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004037"
},
{
"date": "2023-11-07T02:32:41.743000",
"db": "NVD",
"id": "CVE-2016-4610"
},
{
"date": "2019-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxslt Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004037"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-871"
}
],
"trust": 0.6
}
}
var-201208-0343
Vulnerability from variot
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user or steal cookie-based authentication credentials; other attacks are also possible. Versions prior to Chrome 21.0.1180.89 are vulnerable. A vulnerability exists in libxslt 1.1.26 and earlier versions using Google Chrome prior to 21.0.1180.89 due to improper memory management. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:164 http://www.mandriva.com/security/
Package : libxslt Date : October 11, 2012 Affected: 2011., Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in libxslt:
Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
Updated Packages:
Mandriva Linux 2011: 8d19c2f47f598929504906b5728f1908 2011/i586/libxslt1-1.1.26-4.3-mdv2011.0.i586.rpm a440039df83de1791527376cd6fc944c 2011/i586/libxslt-devel-1.1.26-4.3-mdv2011.0.i586.rpm c27dd1ea12e33f1657fa69347570e9ba 2011/i586/python-libxslt-1.1.26-4.3-mdv2011.0.i586.rpm 5d5d239e22221799fde1303bc1e8ff4f 2011/i586/xsltproc-1.1.26-4.3-mdv2011.0.i586.rpm 800ca7cd52aa4b3aee9766c48e31fab4 2011/SRPMS/libxslt-1.1.26-4.3.src.rpm
Mandriva Linux 2011/X86_64: 562107ae8fe225d597f81425b36eb6bd 2011/x86_64/lib64xslt1-1.1.26-4.3-mdv2011.0.x86_64.rpm acc201d0f7a56fd57f17155930bd4d58 2011/x86_64/lib64xslt-devel-1.1.26-4.3-mdv2011.0.x86_64.rpm e621295e171eb959a43bf0b612800ac2 2011/x86_64/python-libxslt-1.1.26-4.3-mdv2011.0.x86_64.rpm c579ae813ba11c3cd5d1c0f4cce0501f 2011/x86_64/xsltproc-1.1.26-4.3-mdv2011.0.x86_64.rpm 800ca7cd52aa4b3aee9766c48e31fab4 2011/SRPMS/libxslt-1.1.26-4.3.src.rpm
Mandriva Enterprise Server 5: f826a7ddc953e8f7b7b40deb76912e20 mes5/i586/libxslt1-1.1.24-3.3mdvmes5.2.i586.rpm b8e76d09360e0909f5da8f579b104aef mes5/i586/libxslt-devel-1.1.24-3.3mdvmes5.2.i586.rpm ee7c9b7d2f31a60a5e9f56609dfeaa74 mes5/i586/libxslt-proc-1.1.24-3.3mdvmes5.2.i586.rpm 8c185d22c7d001a80626b3889d8fd3ab mes5/i586/python-libxslt-1.1.24-3.3mdvmes5.2.i586.rpm 7e2de920a497470f4375dd3678722bc3 mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 016b471e89084c406ea67ed0291e4f14 mes5/x86_64/lib64xslt1-1.1.24-3.3mdvmes5.2.x86_64.rpm 085944e218fa19c482907f36cb4039be mes5/x86_64/lib64xslt-devel-1.1.24-3.3mdvmes5.2.x86_64.rpm 814524bab2901c4b62c575eabcb9b894 mes5/x86_64/libxslt-proc-1.1.24-3.3mdvmes5.2.x86_64.rpm 18e50a556417c1541dcbab2b4650d5c0 mes5/x86_64/python-libxslt-1.1.24-3.3mdvmes5.2.x86_64.rpm 7e2de920a497470f4375dd3678722bc3 mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. ============================================================================ Ubuntu Security Notice USN-1595-1 October 04, 2012
libxslt vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file.
Software Description: - libxslt: XSLT processing library
Details:
Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)
Nicholas Gregoire discovered that libxslt incorrectly handled unexpected DTD nodes. (CVE-2012-2825)
Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)
Nicholas Gregoire discovered that libxslt incorrectly handled certain transforms. (CVE-2012-2871)
Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libxslt1.1 1.1.26-8ubuntu1.2
Ubuntu 11.10: libxslt1.1 1.1.26-7ubuntu0.1
Ubuntu 11.04: libxslt1.1 1.1.26-6ubuntu0.1
Ubuntu 10.04 LTS: libxslt1.1 1.1.26-1ubuntu1.1
Ubuntu 8.04 LTS: libxslt1.1 1.1.22-1ubuntu1.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1595-1 CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.2 https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubuntu0.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.3 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-07
http://security.gentoo.org/
Severity: Normal Title: libxslt: Denial of Service Date: January 10, 2014 Bugs: #433603, #436284, #463236, #496114 ID: 201401-07
Synopsis
Multiple Denial of Service vulnerabilities have been found in libxslt.
Background
libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxslt < 1.1.28 >= 1.1.28
Description
Multiple vulnerabilities have been found in libxslt:
- Multiple errors exist in pattern.c and functions.c (CVE-2012-2870, CVE-2012-6139).
- A double-free error exists in templates.c (CVE-2012-2893).
- A NULL pointer dereference in keys.c (CVE-2012-6139).
- An error in handling stylesheets containing DTDs (CVE-2013-4520).
Workaround
There is no known workaround at this time.
Resolution
All libxslt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.28"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2012-2870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2870 [ 2 ] CVE-2012-2893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893 [ 3 ] CVE-2012-6139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6139 [ 4 ] CVE-2013-4520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4520
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (squeeze), these problems have been fixed in version 1.1.26-6+squeeze2.
For the unstable distribution (sid), these problems have been fixed in version 1.1.26-14.
We recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-09-18-2 iOS 7
iOS 7 is now available and addresses the following:
Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots.
CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team
CoreMedia Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative
Data Protection Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Apps could bypass passcode-attempt restrictions Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks. CVE-ID CVE-2013-0957 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University
Data Security Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134
dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser
File Systems Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who can mount a non-HFS filesystem may be able to cause an unexpected system termination or arbitrary code execution with kernel privileges Description: A memory corruption issue existed in the handling of AppleDouble files. This issue was addressed by removing support for AppleDouble files. CVE-ID CVE-2013-3955 : Stefan Esser
ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team
IOKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Background applications could inject user interface events into the foreground app Description: It was possible for background applications to inject user interface events into the foreground application using the task completion or VoIP APIs. This issue was addressed by enforcing access controls on foreground and background processes that handle interface events. CVE-ID CVE-2013-5137 : Mackenzie Straight at Mobile Labs
IOKitUser Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes
IOSerialFamily Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt
IPSec Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by improved certificate checking. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause device hang Description: An integer truncation vulnerability in the kernel socket interface could be leveraged to force the CPU into an infinite loop. The issue was addressed by using a larger sized variable. CVE-ID CVE-2013-5141 : CESG
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser
Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser
Kext Management Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM"
libxml Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire
Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of phone calls and SIM card ejection at the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2013-5147 : videosdebarraquito
Personal Hotspot Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to join a Personal Hotspot network Description: An issue existed in the generation of Personal Hotspot passwords, resulting in passwords that could be predicted by an attacker to join a user's Personal Hotspot. The issue was addressed by generating passwords with higher entropy. CVE-ID CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz of University Erlangen-Nuremberg
Push Notifications Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The push notification token may be disclosed to an app contrary to the user's decision Description: An information disclosure issue existed in push notification registration. Apps requesting access to the push notification access received the token before the user approved the app's use of push notifications. This issue was addressed by withholding access to the token until the user has approved access. CVE-ID CVE-2013-5149 : Jack Flintermann of Grouper, Inc.
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: History of pages recently visited in an open tab may remain after clearing of history Description: Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history. CVE-ID CVE-2013-5150
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing files on a website may lead to script execution even when the server sends a 'Content-Type: text/plain' header Description: Mobile Safari sometimes treated files as HTML files even when the server sent a 'Content-Type: text/plain' header. This may lead to cross-site scripting on sites that allow users to upload files. This issue was addressed through improved handling of files when 'Content-Type: text/plain' is set. CVE-ID CVE-2013-5151 : Ben Toews of Github
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may allow an arbitrary URL to be displayed Description: A URL bar spoofing issue existed in Mobile Safari. This issue was addressed through improved URL tracking. CVE-ID CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS
Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications that are scripts were not sandboxed Description: Third-party applications which used the #! syntax to run a script were sandboxed based on the identity of the script interpreter, not the script. The interpreter may not have a sandbox defined, leading to the application being run unsandboxed. This issue was addressed by creating the sandbox based on the identity of the script. CVE-ID CVE-2013-5154 : evad3rs
Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications can cause a system hang Description: Malicious third-party applications that wrote specific values to the /dev/random device could force the CPU to enter an infinite loop. This issue was addressed by preventing third-party applications from writing to /dev/random. CVE-ID CVE-2013-5155 : CESG
Social Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users recent Twitter activity could be disclosed on devices with no passcode. Description: An issue existed where it was possible to determine what Twitter accounts a user had recently interacted with. This issue was resolved by restricting access to the Twitter icon cache. CVE-ID CVE-2013-5158 : Jonathan Zdziarski
Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device in Lost Mode may be able to view notifications Description: An issue existed in the handling of notifications when a device is in Lost Mode. This update addresses the issue with improved lock state management. CVE-ID CVE-2013-5153 : Daniel Stangroom
Telephony Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious apps could interfere with or control telephony functionality Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon. CVE-ID CVE-2013-5156 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology
Twitter Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sandboxed apps could send tweets without user interaction or permission Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon. CVE-ID CVE-2013-5157 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. A maliciously crafted website could use an iframe to determine if another site used window.webkitRequestAnimationFrame(). This issue was addressed through improved handling of window.webkitRequestAnimationFrame(). CVE-ID CVE-2013-5159
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c (xysec.com)
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook
WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs. CVE-ID CVE-2013-2848 : Egor Homakov
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Dragging or pasting a selection may lead to a cross-site scripting attack Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation. CVE-ID CVE-2013-5129 : Mario Heiderich
WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-5131 : Erling A Ellingsen
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "7.0".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN 0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2 TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni 5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR GowSVGG+cJtvrngVhy3E =dNVy -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0343",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.1.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "21.0.1180.75"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.85"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.31"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.18"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.37"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.41"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.12"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.22"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.11"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.70"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.87"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.48"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.62"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.19"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.56"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.77"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.38"
},
{
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.51"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.64"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.63"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.74"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.61"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.0"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.14"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.17"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.69"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.84"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.76"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.54"
},
{
"model": "libxslt",
"scope": "lte",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.26"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.20"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.21"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 1.0,
"vendor": "xmlsoft",
"version": "1.1.15"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "21.0.1180.53"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1004"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375127"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1033"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "1.1.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1044"
},
{
"model": "chrome",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.391.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.306.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1012"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1039"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.539.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.434.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1031"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.399.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.365.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.474.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.2"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.326.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.47255"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.40"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.35"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.530.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.348.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1010"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.18"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.82"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.395.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1051"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1061"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.385.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.319.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.445.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.443.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.296.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.374.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.275.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96379"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.417.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.21"
},
{
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1043"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1049"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.7"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.407.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1057"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.518.0"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.346.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.421.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.390.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.382.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.27"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.438.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.462.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.11"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "one-x client enablement service",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.368.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96365"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.126"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.481.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.489.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.393.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.362.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.423.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.323.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.370.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.380.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.512.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.419.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.48"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.361.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1018"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.483.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.467.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.435.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.278.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.413.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.452.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1017"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.64"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.537.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.379.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.513.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.453.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1062"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.490.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1020"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.469.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1042"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1058"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.158.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.334.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.506.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1054"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.168"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.414.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.53"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.494.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.484.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1030"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.328.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.482.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.479.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.381.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.394.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.415.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.364.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.521.0"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.520.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.349.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1022"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.528.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.350.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.476.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491064"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.61"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.354.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.345.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.325.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1026"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.33"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.4"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.431.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.347.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.24"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.498.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.412.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1038"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.406.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.515.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.416.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.91275"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.445.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.409.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.329.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1006"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.315.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.32"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.277.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.384.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.170.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.350.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.157.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.422.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.154.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.61"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.299.0"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.193.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.371.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.8"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.169.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "1.1.26"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "1.1.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.272.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.169.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.411.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.452.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.288.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.496.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.363.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.294.0"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.367.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1016"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1045"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.36"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.454.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.28"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.453.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.337.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.301.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.96"
},
{
"model": "ios for developer",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1032"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.80"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.473.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.441.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1040"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.157.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.314.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.151"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.440.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.426.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.343.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.355.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.327.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.477.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1055"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.22"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.401.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.516.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.430.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.493.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.457.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.21"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.308.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.211.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.4"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.401.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.495.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1019"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491036"
},
{
"model": "tv",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.522.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.341.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.152.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.338.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.451.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.59"
},
{
"model": "voice portal sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1015"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.398.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.480.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.19"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.28"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.4"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.427.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.7"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375125"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1024"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.276.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.544.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.1"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.8"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1041"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1021"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.336.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.305.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1034"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.38"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.98"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.320.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.37"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.17"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.224.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.33"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.339.0"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.424.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1035"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.288.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.478.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.540.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.465.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.542.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.37599"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.330.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1014"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.212.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1001"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.492.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.510.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.1549"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.410.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1056"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.1"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.405.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.292.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.212.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.153.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1029"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.7"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.378.0"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.62"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1037"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1060"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "1.1.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.300.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.509.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.387.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.382.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.290.0"
},
{
"model": "aura presence services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.40"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.386.0"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.425.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.485.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.486.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.48"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.372.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.392.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.403.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.221.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1063"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.304.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1028"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.289.0"
},
{
"model": "libxslt",
"scope": "eq",
"trust": 0.3,
"vendor": "gnome",
"version": "1.1.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.31"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.487.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1046"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.303.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491059"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.332.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.159.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.60"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.275.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.340.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1013"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.436.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1023"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.373.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.397.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.353.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.491.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.1"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.470.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.461.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.446.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.321.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.357.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.459.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.541.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.333.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.313.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.475.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.524.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.351.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.42"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.471.0"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1027"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.396.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.415.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.428.0"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.309.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.460.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.344.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.156.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1053"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.455.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.488.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.526.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.449.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.190.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.505.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.400.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.497.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.287.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.286.0"
},
{
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.33"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.444.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.358.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.548.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.58"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.24"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1007"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1047"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.456.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1052"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.525.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.490.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.53"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1009"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.495.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.432.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.314.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.0"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.324.0"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1048"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1050"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.47"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.433.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.8"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.416.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.52"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.18"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.182.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.354.1"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.504.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.316.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.3"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.162"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "communication server 1000e signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.464.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.271.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.154.0"
},
{
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.359.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "communication server 1000m signaling server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.383.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.376.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.465.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.306.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1025"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.295.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.3"
},
{
"model": "communication server 1000e",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.37586"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.538.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.519.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.318.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1011"
},
{
"model": "communication server 1000m",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "55331"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.0.1180.88",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "miaubiz, Fermin Serna of the Google Security Team, Emmanuel Bronshtein and Nicolas Gregoire",
"sources": [
{
"db": "BID",
"id": "55331"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-56151",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-2870",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56151",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-2870",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. Google Chrome is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user or steal cookie-based authentication credentials; other attacks are also possible. \nVersions prior to Chrome 21.0.1180.89 are vulnerable. A vulnerability exists in libxslt 1.1.26 and earlier versions using Google Chrome prior to 21.0.1180.89 due to improper memory management. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:164\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : libxslt\n Date : October 11, 2012\n Affected: 2011., Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in libxslt:\n \n Unspecified vulnerability in XSLT allows remote attackers to obtain\n potentially sensitive information about heap memory addresses via\n unknown vectors (CVE-2011-1202). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 8d19c2f47f598929504906b5728f1908 2011/i586/libxslt1-1.1.26-4.3-mdv2011.0.i586.rpm\n a440039df83de1791527376cd6fc944c 2011/i586/libxslt-devel-1.1.26-4.3-mdv2011.0.i586.rpm\n c27dd1ea12e33f1657fa69347570e9ba 2011/i586/python-libxslt-1.1.26-4.3-mdv2011.0.i586.rpm\n 5d5d239e22221799fde1303bc1e8ff4f 2011/i586/xsltproc-1.1.26-4.3-mdv2011.0.i586.rpm \n 800ca7cd52aa4b3aee9766c48e31fab4 2011/SRPMS/libxslt-1.1.26-4.3.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 562107ae8fe225d597f81425b36eb6bd 2011/x86_64/lib64xslt1-1.1.26-4.3-mdv2011.0.x86_64.rpm\n acc201d0f7a56fd57f17155930bd4d58 2011/x86_64/lib64xslt-devel-1.1.26-4.3-mdv2011.0.x86_64.rpm\n e621295e171eb959a43bf0b612800ac2 2011/x86_64/python-libxslt-1.1.26-4.3-mdv2011.0.x86_64.rpm\n c579ae813ba11c3cd5d1c0f4cce0501f 2011/x86_64/xsltproc-1.1.26-4.3-mdv2011.0.x86_64.rpm \n 800ca7cd52aa4b3aee9766c48e31fab4 2011/SRPMS/libxslt-1.1.26-4.3.src.rpm\n\n Mandriva Enterprise Server 5:\n f826a7ddc953e8f7b7b40deb76912e20 mes5/i586/libxslt1-1.1.24-3.3mdvmes5.2.i586.rpm\n b8e76d09360e0909f5da8f579b104aef mes5/i586/libxslt-devel-1.1.24-3.3mdvmes5.2.i586.rpm\n ee7c9b7d2f31a60a5e9f56609dfeaa74 mes5/i586/libxslt-proc-1.1.24-3.3mdvmes5.2.i586.rpm\n 8c185d22c7d001a80626b3889d8fd3ab mes5/i586/python-libxslt-1.1.24-3.3mdvmes5.2.i586.rpm \n 7e2de920a497470f4375dd3678722bc3 mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 016b471e89084c406ea67ed0291e4f14 mes5/x86_64/lib64xslt1-1.1.24-3.3mdvmes5.2.x86_64.rpm\n 085944e218fa19c482907f36cb4039be mes5/x86_64/lib64xslt-devel-1.1.24-3.3mdvmes5.2.x86_64.rpm\n 814524bab2901c4b62c575eabcb9b894 mes5/x86_64/libxslt-proc-1.1.24-3.3mdvmes5.2.x86_64.rpm\n 18e50a556417c1541dcbab2b4650d5c0 mes5/x86_64/python-libxslt-1.1.24-3.3mdvmes5.2.x86_64.rpm \n 7e2de920a497470f4375dd3678722bc3 mes5/SRPMS/libxslt-1.1.24-3.3mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. ============================================================================\nUbuntu Security Notice USN-1595-1\nOctober 04, 2012\n\nlibxslt vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nApplications using libxslt could be made to crash or run programs as your\nlogin if they processed a specially crafted file. \n\nSoftware Description:\n- libxslt: XSLT processing library\n\nDetails:\n\nChris Evans discovered that libxslt incorrectly handled generate-id XPath\nfunctions. If a user or automated system were tricked into processing a\nspecially crafted XSLT document, a remote attacker could obtain potentially\nsensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu\n10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)\n\nIt was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)\n\nNicholas Gregoire discovered that libxslt incorrectly handled unexpected\nDTD nodes. (CVE-2012-2825)\n\nNicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)\n\nNicholas Gregoire discovered that libxslt incorrectly handled certain\ntransforms. \n(CVE-2012-2871)\n\nCris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n libxslt1.1 1.1.26-8ubuntu1.2\n\nUbuntu 11.10:\n libxslt1.1 1.1.26-7ubuntu0.1\n\nUbuntu 11.04:\n libxslt1.1 1.1.26-6ubuntu0.1\n\nUbuntu 10.04 LTS:\n libxslt1.1 1.1.26-1ubuntu1.1\n\nUbuntu 8.04 LTS:\n libxslt1.1 1.1.22-1ubuntu1.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1595-1\n CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870,\n CVE-2012-2871, CVE-2012-2893\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.2\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubuntu0.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.1\n https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.3\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libxslt: Denial of Service\n Date: January 10, 2014\n Bugs: #433603, #436284, #463236, #496114\n ID: 201401-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple Denial of Service vulnerabilities have been found in libxslt. \n\nBackground\n==========\n\nlibxslt is the XSLT C library developed for the GNOME project. XSLT is\nan XML language to define transformations for XML. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxslt \u003c 1.1.28 \u003e= 1.1.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in libxslt:\n\n* Multiple errors exist in pattern.c and functions.c (CVE-2012-2870,\n CVE-2012-6139). \n* A double-free error exists in templates.c (CVE-2012-2893). \n* A NULL pointer dereference in keys.c (CVE-2012-6139). \n* An error in handling stylesheets containing DTDs (CVE-2013-4520). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxslt users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxslt-1.1.28\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2012-2870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2870\n[ 2 ] CVE-2012-2893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893\n[ 3 ] CVE-2012-6139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6139\n[ 4 ] CVE-2013-4520\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4520\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.1.26-6+squeeze2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.26-14. \n\nWe recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-18-2 iOS 7\n\niOS 7 is now available and addresses the following:\n\nCertificate Trust Policy\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Root certificates have been updated\nDescription: Several certificates were added to or removed from the\nlist of system roots. \n\nCoreGraphics\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nCoreMedia\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of Sorenson\nencoded movie files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2013-1019 : Tom Gallagher (Microsoft) \u0026 Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nData Protection\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Apps could bypass passcode-attempt restrictions\nDescription: A privilege separation issue existed in Data\nProtection. An app within the third-party sandbox could repeatedly\nattempt to determine the user\u0027s passcode regardless of the user\u0027s\n\"Erase Data\" setting. This issue was addressed by requiring\nadditional entitlement checks. \nCVE-ID\nCVE-2013-0957 : Jin Han of the Institute for Infocomm Research\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\nUniversity\n\nData Security\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update added the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \nCVE-ID\nCVE-2013-5134\n\ndyld\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker who has arbitrary code execution on a device may\nbe able to persist code execution across reboots\nDescription: Multiple buffer overflows existed in dyld\u0027s\nopenSharedCacheFile() function. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2013-3950 : Stefan Esser\n\nFile Systems\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker who can mount a non-HFS filesystem may be able\nto cause an unexpected system termination or arbitrary code execution\nwith kernel privileges\nDescription: A memory corruption issue existed in the handling of\nAppleDouble files. This issue was addressed by removing support for\nAppleDouble files. \nCVE-ID\nCVE-2013-3955 : Stefan Esser\n\nImageIO\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nIOKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Background applications could inject user interface events\ninto the foreground app\nDescription: It was possible for background applications to inject\nuser interface events into the foreground application using the task\ncompletion or VoIP APIs. This issue was addressed by enforcing access\ncontrols on foreground and background processes that handle interface\nevents. \nCVE-ID\nCVE-2013-5137 : Mackenzie Straight at Mobile Labs\n\nIOKitUser\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious local application could cause an unexpected\nsystem termination\nDescription: A null pointer dereference existed in IOCatalogue. \nThe issue was addressed through additional type checking. \nCVE-ID\nCVE-2013-5138 : Will Estes\n\nIOSerialFamily\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nIPSec\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may intercept data protected with IPSec Hybrid\nAuth\nDescription: The DNS name of an IPSec Hybrid Auth server was not\nbeing matched against the certificate, allowing an attacker with a\ncertificate for any server to impersonate any other. This issue was\naddressed by improved certificate checking. \nCVE-ID\nCVE-2013-1028 : Alexander Traud of www.traud.de\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker can cause a device to unexpectedly restart\nDescription: Sending an invalid packet fragment to a device can\ncause a kernel assert to trigger, leading to a device restart. The\nissue was addressed through additional validation of packet\nfragments. \nCVE-ID\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\nresearcher working with CERT-FI, Antti LevomAki and Lauri Virtanen\nof Vulnerability Analysis Group, Stonesoft\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious local application could cause device hang\nDescription: An integer truncation vulnerability in the kernel\nsocket interface could be leveraged to force the CPU into an infinite\nloop. The issue was addressed by using a larger sized variable. \nCVE-ID\nCVE-2013-5141 : CESG\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker on a local network can cause a denial of service\nDescription: An attacker on a local network can send specially\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\naddressed by rate limiting ICMP packets before verifying their\nchecksum. \nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Kernel stack memory may be disclosed to local users\nDescription: An information disclosure issue existed in the msgctl\nand segctl APIs. This issue was addressed by initializing data\nstructures returned from the kernel. \nCVE-ID\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Unprivileged processes could get access to the contents of\nkernel memory which could lead to privilege escalation\nDescription: An information disclosure issue existed in the\nmach_port_space_info API. This issue was addressed by initializing\nthe iin_collision field in structures returned from the kernel. \nCVE-ID\nCVE-2013-3953 : Stefan Esser\n\nKernel\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Unprivileged processes may be able to cause an unexpected\nsystem termination or arbitrary code execution in the kernel\nDescription: A memory corruption issue existed in the handling of\narguments to the posix_spawn API. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-3954 : Stefan Esser\n\nKext Management\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An unauthorized process may modify the set of loaded kernel\nextensions\nDescription: An issue existed in kextd\u0027s handling of IPC messages\nfrom unauthenticated senders. This issue was addressed by adding\nadditional authorization checks. \nCVE-ID\nCVE-2013-5145 : \"Rainbow PRISM\"\n\nlibxml\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. \nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nlibxslt\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a maliciously crafted web page may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\nPasscode Lock\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\nbypass the screen lock\nDescription: A race condition issue existed in the handling of phone\ncalls and SIM card ejection at the lock screen. This issue was\naddressed through improved lock state management. \nCVE-ID\nCVE-2013-5147 : videosdebarraquito\n\nPersonal Hotspot\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to join a Personal Hotspot network\nDescription: An issue existed in the generation of Personal Hotspot\npasswords, resulting in passwords that could be predicted by an\nattacker to join a user\u0027s Personal Hotspot. The issue was addressed\nby generating passwords with higher entropy. \nCVE-ID\nCVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz\nof University Erlangen-Nuremberg\n\nPush Notifications\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: The push notification token may be disclosed to an app\ncontrary to the user\u0027s decision\nDescription: An information disclosure issue existed in push\nnotification registration. Apps requesting access to the push\nnotification access received the token before the user approved the\napp\u0027s use of push notifications. This issue was addressed by\nwithholding access to the token until the user has approved access. \nCVE-ID\nCVE-2013-5149 : Jack Flintermann of Grouper, Inc. \n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nXML files. This issue was addressed through additional bounds\nchecking. \nCVE-ID\nCVE-2013-1036 : Kai Lu of Fortinet\u0027s FortiGuard Labs\n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: History of pages recently visited in an open tab may remain\nafter clearing of history\nDescription: Clearing Safari\u0027s history did not clear the\nback/forward history for open tabs. This issue was addressed by\nclearing the back/forward history. \nCVE-ID\nCVE-2013-5150\n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing files on a website may lead to script execution even\nwhen the server sends a \u0027Content-Type: text/plain\u0027 header\nDescription: Mobile Safari sometimes treated files as HTML files\neven when the server sent a \u0027Content-Type: text/plain\u0027 header. This\nmay lead to cross-site scripting on sites that allow users to upload\nfiles. This issue was addressed through improved handling of files\nwhen \u0027Content-Type: text/plain\u0027 is set. \nCVE-ID\nCVE-2013-5151 : Ben Toews of Github\n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may allow an arbitrary URL to\nbe displayed\nDescription: A URL bar spoofing issue existed in Mobile Safari. This\nissue was addressed through improved URL tracking. \nCVE-ID\nCVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS\n\nSandbox\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Applications that are scripts were not sandboxed\nDescription: Third-party applications which used the #! syntax to\nrun a script were sandboxed based on the identity of the script\ninterpreter, not the script. The interpreter may not have a sandbox\ndefined, leading to the application being run unsandboxed. This issue\nwas addressed by creating the sandbox based on the identity of the\nscript. \nCVE-ID\nCVE-2013-5154 : evad3rs\n\nSandbox\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Applications can cause a system hang\nDescription: Malicious third-party applications that wrote specific\nvalues to the /dev/random device could force the CPU to enter an\ninfinite loop. This issue was addressed by preventing third-party\napplications from writing to /dev/random. \nCVE-ID\nCVE-2013-5155 : CESG\n\nSocial\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Users recent Twitter activity could be disclosed on devices\nwith no passcode. \nDescription: An issue existed where it was possible to determine\nwhat Twitter accounts a user had recently interacted with. This issue\nwas resolved by restricting access to the Twitter icon cache. \nCVE-ID\nCVE-2013-5158 : Jonathan Zdziarski\n\nSpringboard\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device in Lost Mode may\nbe able to view notifications\nDescription: An issue existed in the handling of notifications when\na device is in Lost Mode. This update addresses the issue with\nimproved lock state management. \nCVE-ID\nCVE-2013-5153 : Daniel Stangroom\n\nTelephony\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Malicious apps could interfere with or control telephony\nfunctionality\nDescription: An access control issue existed in the telephony\nsubsystem. Bypassing supported APIs, sandboxed apps could make\nrequests directly to a system daemon interfering with or controlling\ntelephony functionality. This issue was addressed by enforcing access\ncontrols on interfaces exposed by the telephony daemon. \nCVE-ID\nCVE-2013-5156 : Jin Han of the Institute for Infocomm Research\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\nLee from the Georgia Institute of Technology\n\nTwitter\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Sandboxed apps could send tweets without user interaction or\npermission\nDescription: An access control issue existed in the Twitter\nsubsystem. Bypassing supported APIs, sandboxed apps could make\nrequests directly to a system daemon interfering with or controlling\nTwitter functionality. This issue was addressed by enforcing access\ncontrols on interfaces exposed by the Twitter daemon. \nCVE-ID\nCVE-2013-5157 : Jin Han of the Institute for Infocomm Research\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\nLee from the Georgia Institute of Technology\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-0879 : Atte Kettunen of OUSPG\nCVE-2013-0991 : Jay Civelli of the Chromium development community\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\nCVE-2013-0994 : David German of Google\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\nCVE-2013-0997 : Vitaliy Toropov working with HP\u0027s Zero Day Initiative\nCVE-2013-0998 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-0999 : pa_kt working with HP\u0027s Zero Day Initiative\nCVE-2013-1000 : Fermin J. A maliciously\ncrafted website could use an iframe to determine if another site used\nwindow.webkitRequestAnimationFrame(). This issue was addressed\nthrough improved handling of window.webkitRequestAnimationFrame(). \nCVE-ID\nCVE-2013-5159\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Copying and pasting a malicious HTML snippet may lead to a\ncross-site scripting attack\nDescription: A cross-site scripting issue existed in the handling of\ncopied and pasted data in HTML documents. This issue was addressed\nthrough additional validation of pasted content. \nCVE-ID\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\n(xysec.com)\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-site scripting issue existed in the handling of\niframes. This issue was addressed through improved origin tracking. \nCVE-ID\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\n\nWebKit\nAvailable for: iPhone 3GS and later,\niPod touch (4th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to an\ninformation disclosure\nDescription: An information disclosure issue existed in XSSAuditor. \nThis issue was addressed through improved handling of URLs. \nCVE-ID\nCVE-2013-2848 : Egor Homakov\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Dragging or pasting a selection may lead to a cross-site\nscripting attack\nDescription: Dragging or pasting a selection from one site to\nanother may allow scripts contained in the selection to be executed\nin the context of the new site. This issue is addressed through\nadditional validation of content before a paste or a drag and drop\noperation. \nCVE-ID\nCVE-2013-5129 : Mario Heiderich\n\nWebKit\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to a cross-\nsite scripting attack\nDescription: A cross-site scripting issue existed in the handling of\nURLs. This issue was addressed through improved origin tracking. \nCVE-ID\nCVE-2013-5131 : Erling A Ellingsen\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.0\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN\n0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e\nGoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2\nTyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni\n5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK\nibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT\nKXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG\nQthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY\nI2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz\nKf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt\nSCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR\nGowSVGG+cJtvrngVhy3E\n=dNVy\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2870"
},
{
"db": "BID",
"id": "55331"
},
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "PACKETSTORM",
"id": "117306"
},
{
"db": "PACKETSTORM",
"id": "117132"
},
{
"db": "PACKETSTORM",
"id": "121115"
},
{
"db": "PACKETSTORM",
"id": "124741"
},
{
"db": "PACKETSTORM",
"id": "117159"
},
{
"db": "PACKETSTORM",
"id": "123307"
},
{
"db": "PACKETSTORM",
"id": "123339"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2870",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "50838",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "54886",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "BID",
"id": "55331",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "117159",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "124741",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56151",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-2870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117306",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121115",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123339",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "BID",
"id": "55331"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "PACKETSTORM",
"id": "117306"
},
{
"db": "PACKETSTORM",
"id": "117132"
},
{
"db": "PACKETSTORM",
"id": "121115"
},
{
"db": "PACKETSTORM",
"id": "124741"
},
{
"db": "PACKETSTORM",
"id": "117159"
},
{
"db": "PACKETSTORM",
"id": "123307"
},
{
"db": "PACKETSTORM",
"id": "123339"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"id": "VAR-201208-0343",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-56151"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:20:13.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GoogleChromesetup25.0.1323.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=44457"
},
{
"title": "Red Hat: Important: libxslt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20121265 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libxslt: Three security issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3db888241598e632a57d140334ad7c21"
},
{
"title": "Debian Security Advisories: DSA-2555-1 libxslt -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0bbfcdccfdcee3404afcbd7baf6cad17"
},
{
"title": "Ubuntu Security Notice: libxslt vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1595-1"
},
{
"title": "Amazon Linux AMI: ALAS-2012-123",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-123"
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/sambacha/mirror-radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/stephenharuna/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/benoit-a/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/g60ocr/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/sunzu94/radamsa-fuzzer "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/nqwang/radamsa "
},
{
"title": "A Crash Course to Radamsa\nFAQ",
"trust": 0.1,
"url": "https://github.com/hwangtaewon/radamsa "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html"
},
{
"trust": 1.5,
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"trust": 1.5,
"url": "http://support.apple.com/kb/ht6001"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html"
},
{
"trust": 1.2,
"url": "http://code.google.com/p/chromium/issues/detail?id=138672"
},
{
"trust": 1.2,
"url": "http://code.google.com/p/chromium/issues/detail?id=140368"
},
{
"trust": 1.2,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log"
},
{
"trust": 1.2,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log"
},
{
"trust": 1.2,
"url": "http://support.apple.com/kb/ht5934"
},
{
"trust": 1.2,
"url": "https://chromiumcodereview.appspot.com/10823168"
},
{
"trust": 1.2,
"url": "https://chromiumcodereview.appspot.com/10830177"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2012/dsa-2555"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:164"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/50838"
},
{
"trust": 1.2,
"url": "http://secunia.com/advisories/54886"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"trust": 1.1,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026r2=149998"
},
{
"trust": 1.1,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026r2=150123"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2893"
},
{
"trust": 0.3,
"url": "http://git.gnome.org/browse/libxslt/commit/?id=54977ed7966847e305a2008cb18892df26eeb065"
},
{
"trust": 0.3,
"url": "http://git.gnome.org/browse/libxslt/commit/?id=937ba2a3eb42d288f53c8adc211bd1122869f0bf"
},
{
"trust": 0.3,
"url": "http://www.google.com/chrome"
},
{
"trust": 0.3,
"url": "http://git.gnome.org/browse/libxslt/commit/?id=1564b30e994602a95863d9716be83612580a2fed"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht5935"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100167733"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2013-0001.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "http://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2893"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1202"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2870"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2871"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0997"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0996"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1001"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0992"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0995"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1003"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0993"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1004"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0991"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0994"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1007"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0998"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1006"
},
{
"trust": 0.1,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684\u0026amp;r2=149998"
},
{
"trust": 0.1,
"url": "http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654\u0026amp;r2=150123"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:1265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1595-1/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1202"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1595-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3970"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2825"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2870"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4520"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201401-07.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6139"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4520"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6139"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2893"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0957"
},
{
"trust": 0.1,
"url": "https://www.traud.de"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1008"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "BID",
"id": "55331"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "PACKETSTORM",
"id": "117306"
},
{
"db": "PACKETSTORM",
"id": "117132"
},
{
"db": "PACKETSTORM",
"id": "121115"
},
{
"db": "PACKETSTORM",
"id": "124741"
},
{
"db": "PACKETSTORM",
"id": "117159"
},
{
"db": "PACKETSTORM",
"id": "123307"
},
{
"db": "PACKETSTORM",
"id": "123339"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-56151"
},
{
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"db": "BID",
"id": "55331"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "PACKETSTORM",
"id": "117306"
},
{
"db": "PACKETSTORM",
"id": "117132"
},
{
"db": "PACKETSTORM",
"id": "121115"
},
{
"db": "PACKETSTORM",
"id": "124741"
},
{
"db": "PACKETSTORM",
"id": "117159"
},
{
"db": "PACKETSTORM",
"id": "123307"
},
{
"db": "PACKETSTORM",
"id": "123339"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-56151"
},
{
"date": "2012-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"date": "2012-08-30T00:00:00",
"db": "BID",
"id": "55331"
},
{
"date": "2014-01-24T01:33:33",
"db": "PACKETSTORM",
"id": "124932"
},
{
"date": "2012-10-11T15:06:42",
"db": "PACKETSTORM",
"id": "117306"
},
{
"date": "2012-10-05T02:43:12",
"db": "PACKETSTORM",
"id": "117132"
},
{
"date": "2013-04-07T15:05:48",
"db": "PACKETSTORM",
"id": "121115"
},
{
"date": "2014-01-10T22:09:38",
"db": "PACKETSTORM",
"id": "124741"
},
{
"date": "2012-10-06T00:48:11",
"db": "PACKETSTORM",
"id": "117159"
},
{
"date": "2013-09-19T01:58:16",
"db": "PACKETSTORM",
"id": "123307"
},
{
"date": "2013-09-20T20:54:13",
"db": "PACKETSTORM",
"id": "123339"
},
{
"date": "2012-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"date": "2012-08-31T19:55:01.077000",
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-56151"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2870"
},
{
"date": "2015-04-13T21:34:00",
"db": "BID",
"id": "55331"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-693"
},
{
"date": "2023-11-07T02:11:15.267000",
"db": "NVD",
"id": "CVE-2012-2870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "117306"
},
{
"db": "PACKETSTORM",
"id": "117132"
},
{
"db": "PACKETSTORM",
"id": "121115"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Chrome Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-693"
}
],
"trust": 0.6
}
}