Search criteria
24 vulnerabilities found for pages by apple
VAR-201704-0725
Vulnerability from variot - Updated: 2023-12-18 11:47An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. Apple iOS/Mac is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Both Apple iOS and Mac are products of the American company Apple (Apple). The former is an operating system developed for mobile devices, while the latter is a computer product. Pages is one of the applications that provides word processing and page layout; Numbers is one of the electronic form applications; Keynote is one of the presentation applications. Attackers can exploit this vulnerability to disclose the content of password-protected PDFs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now available and address the following:
Export Available for: macOS 10.12 Sierra or later, iOS 10 or later Impact: The contents of password-protected PDFs exported from iWork may be exposed Description: iWork used weak 40-bit RC4 encryption for password- protected PDF exports.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJY2VkhAAoJEIOj74w0bLRGtMYQAMixdDDlyh/wWcT8bTLSekBU 6CqKrmus7LmaKyaqSjpzTlh4P40fLjpiPEukBzSerLeHlSBZ2mOpGcpXcC5evRDG GVJe5J7DeJyfk0Asta+9sgX/YAms9VcqZS9AxAVA7LeP1yspxAej6FMyP+vnvK6c y4SAzxlAZLjzMORaXnn/erp9SAtyyituD1TIhP4dIjcM7YNb0heKO46FCFVflcKd jqamu5A+W7D3i0f2dxlw5cN8J2Lpbeue/hoKT+thO+97zGjvUtqY53LOvOGcpYvD bxp3Ld2fCgCVgpalIrsvBYXbnBTgn/Mvve8dax2Ub0s95IxQkEr3SP1gr/YubSE9 EXg1PhmwnozUXsbZZV68nnQ2xfzc5CgjjojPBF8sg8BCFqXy4k5qkHi9sLdwxCis Hlcl6OyrkF+Puqjs3XZPzfSUKndL4pXiIv8H7nPgtCIsIF6BjABQGLUKOSNNtQwe ySAatdMCB1ut3NkSBh+yjIsK9QshiD9JbUhlZkLvkJhhcZp+rFac4adTN6U9svbO ehttNA2kPOW/YnYv42tk499cA+S3gHYHl7jzGnQNq2aQT/AZFg9lDJFYS0qqdLCW G0XaKDiSzsAkCa54UIyc2e+/St/b10kNXuTxKa/Q9Y9Mh9RtJUHHm0FrLPkevZJ7 MxmltI7TPqTEOCpaYFfd =cT2K -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0725",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 (ios 10.0 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (macos 10.12 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 (ios 10.0 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "4.1 (macos 10.12 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 (ios 10.0 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (macos 10.12 or later )"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.5"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.6"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.6"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "pages",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "pages",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "numbers",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "numbers",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "keynote",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "keynote",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
}
],
"sources": [
{
"db": "BID",
"id": "97126"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:mac_os_x:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:numbers:*:*:*:*:*:mac_os_x:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:mac_os_x:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:numbers:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2391"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philipp Eckel of ThoughtWorks.",
"sources": [
{
"db": "BID",
"id": "97126"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2391",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-110594",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-2391",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2391",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1278",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110594",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-2391",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4. Apple iOS/Mac is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Both Apple iOS and Mac are products of the American company Apple (Apple). The former is an operating system developed for mobile devices, while the latter is a computer product. Pages is one of the applications that provides word processing and page layout; Numbers is one of the electronic form applications; Keynote is one of the presentation applications. Attackers can exploit this vulnerability to disclose the content of password-protected PDFs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1\nfor Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now\navailable and address the following:\n\nExport\nAvailable for: macOS 10.12 Sierra or later, iOS 10 or later\nImpact: The contents of password-protected PDFs exported from iWork\nmay be exposed\nDescription: iWork used weak 40-bit RC4 encryption for password-\nprotected PDF exports. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJY2VkhAAoJEIOj74w0bLRGtMYQAMixdDDlyh/wWcT8bTLSekBU\n6CqKrmus7LmaKyaqSjpzTlh4P40fLjpiPEukBzSerLeHlSBZ2mOpGcpXcC5evRDG\nGVJe5J7DeJyfk0Asta+9sgX/YAms9VcqZS9AxAVA7LeP1yspxAej6FMyP+vnvK6c\ny4SAzxlAZLjzMORaXnn/erp9SAtyyituD1TIhP4dIjcM7YNb0heKO46FCFVflcKd\njqamu5A+W7D3i0f2dxlw5cN8J2Lpbeue/hoKT+thO+97zGjvUtqY53LOvOGcpYvD\nbxp3Ld2fCgCVgpalIrsvBYXbnBTgn/Mvve8dax2Ub0s95IxQkEr3SP1gr/YubSE9\nEXg1PhmwnozUXsbZZV68nnQ2xfzc5CgjjojPBF8sg8BCFqXy4k5qkHi9sLdwxCis\nHlcl6OyrkF+Puqjs3XZPzfSUKndL4pXiIv8H7nPgtCIsIF6BjABQGLUKOSNNtQwe\nySAatdMCB1ut3NkSBh+yjIsK9QshiD9JbUhlZkLvkJhhcZp+rFac4adTN6U9svbO\nehttNA2kPOW/YnYv42tk499cA+S3gHYHl7jzGnQNq2aQT/AZFg9lDJFYS0qqdLCW\nG0XaKDiSzsAkCa54UIyc2e+/St/b10kNXuTxKa/Q9Y9Mh9RtJUHHm0FrLPkevZJ7\nMxmltI7TPqTEOCpaYFfd\n=cT2K\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "BID",
"id": "97126"
},
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "PACKETSTORM",
"id": "141993"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2391",
"trust": 3.0
},
{
"db": "BID",
"id": "97126",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1038135",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1038134",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1038136",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90482935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "36243",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141993",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-110594",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-2391",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "BID",
"id": "97126"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "PACKETSTORM",
"id": "141993"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"id": "VAR-201704-0725",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110594"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:47:39.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207595",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207595"
},
{
"title": "HT207595",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207595"
},
{
"title": "Apple Pages , Numbers and Keynote for iOS and Mac Export Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68830"
},
{
"title": "Apple: Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac and Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=567bff5986d19f178f6d7f28846c48c4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/97126"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207595"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1038134"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1038135"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1038136"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2391"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2391"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90482935/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36243"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht207595"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207595"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "BID",
"id": "97126"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "PACKETSTORM",
"id": "141993"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110594"
},
{
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"db": "BID",
"id": "97126"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"db": "PACKETSTORM",
"id": "141993"
},
{
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110594"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97126"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"date": "2017-03-27T14:44:44",
"db": "PACKETSTORM",
"id": "141993"
},
{
"date": "2017-04-02T01:59:00.667000",
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-110594"
},
{
"date": "2017-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-2391"
},
{
"date": "2017-03-29T01:02:00",
"db": "BID",
"id": "97126"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002415"
},
{
"date": "2017-07-12T01:29:09.677000",
"db": "NVD",
"id": "CVE-2017-2391"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple In the product export component iWork PDF Vulnerability that bypasses password protection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002415"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1278"
}
],
"trust": 0.6
}
}
VAR-201510-0191
Vulnerability from variot - Updated: 2023-12-18 11:37The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. Apple Pages is prone to a remote memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Both Apple iWork for iOS and Apple Pages are products of Apple. The former is a set of office software developed for the iOS operating system. The latter is a suite of word processing and page layout applications (APP). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iwork",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "iwork",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for ios 2.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iwork",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.5.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Groebert of the Google Security Team",
"sources": [
{
"db": "BID",
"id": "77103"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7034",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84995",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7034",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-329",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84995",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document. Apple Pages is prone to a remote memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Both Apple iWork for iOS and Apple Pages are products of Apple. The former is a set of office software developed for the iOS operating system. The latter is a suite of word processing and page layout applications (APP). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and\niWork for iOS 2.6\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now\navailable which address the following:\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\ncompromise of user information\nDescription: Multiple input validation issues existed in parsing a\nmaliciously crafted document. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through\nimproved memory handling. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7034 : Felix Groebert of the Google Security Team\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may\nbe obtained from the App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G\nLDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE\n9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l\nieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I\nPtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd\n5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX\nUyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6\nDY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI\nxjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1\nHn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i\n/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi\nikrC4CqPxEcf3lk6bXKi\n=Zci4\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "BID",
"id": "77103"
},
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "PACKETSTORM",
"id": "133995"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7034",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1033821",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92655282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329",
"trust": 0.7
},
{
"db": "BID",
"id": "77103",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84995",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "BID",
"id": "77103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"id": "VAR-201510-0191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84995"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:37:38.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205373"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205373"
},
{
"title": "Apple iWork for iOS Application and Apple Pages Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58177"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205373"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033821"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7034"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92655282/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7034"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7034"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7033"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "BID",
"id": "77103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84995"
},
{
"db": "BID",
"id": "77103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-84995"
},
{
"date": "2015-10-15T00:00:00",
"db": "BID",
"id": "77103"
},
{
"date": "2015-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"date": "2015-10-16T01:45:00",
"db": "PACKETSTORM",
"id": "133995"
},
{
"date": "2015-10-18T19:59:06.293000",
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"date": "2015-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84995"
},
{
"date": "2015-10-26T17:02:00",
"db": "BID",
"id": "77103"
},
{
"date": "2015-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005349"
},
{
"date": "2016-12-08T16:19:29.353000",
"db": "NVD",
"id": "CVE-2015-7034"
},
{
"date": "2015-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Pages and iOS for iWork An arbitrary code execution vulnerability in an application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-329"
}
],
"trust": 0.6
}
}
VAR-201510-0190
Vulnerability from variot - Updated: 2023-12-18 11:23The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. Multiple Apple Products are prone to a remote memory-corruption vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0190",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iwork",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.5"
},
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "3.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.5"
},
{
"model": "iwork",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for ios 2.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (ios 8.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "iwork",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iwork for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "pages",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.6"
},
{
"model": "numbers",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.6"
},
{
"model": "keynote",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.6"
},
{
"model": "iwork for ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.6"
}
],
"sources": [
{
"db": "BID",
"id": "77105"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Groebert of the Google Security Team.",
"sources": [
{
"db": "BID",
"id": "77105"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7033",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84994",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7033",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-328",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84994",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document. Multiple Apple Products are prone to a remote memory-corruption vulnerability. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. in the United States. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and\niWork for iOS 2.6\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now\navailable which address the following:\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\ncompromise of user information\nDescription: Multiple input validation issues existed in parsing a\nmaliciously crafted document. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. This issue was addressed through\nimproved memory handling. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7034 : Felix Groebert of the Google Security Team\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may\nbe obtained from the App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G\nLDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE\n9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l\nieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I\nPtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd\n5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX\nUyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6\nDY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI\nxjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1\nHn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i\n/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi\nikrC4CqPxEcf3lk6bXKi\n=Zci4\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "BID",
"id": "77105"
},
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "PACKETSTORM",
"id": "133995"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7033",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1033826",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033825",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033823",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92655282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328",
"trust": 0.7
},
{
"db": "BID",
"id": "77105",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84994",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "BID",
"id": "77105"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"id": "VAR-201510-0190",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84994"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:23:38.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205373"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205373"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205373"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033823"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033825"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033826"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7033"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92655282/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7033"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-in/ht205373"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7034"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7033"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "BID",
"id": "77105"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84994"
},
{
"db": "BID",
"id": "77105"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-84994"
},
{
"date": "2015-10-15T00:00:00",
"db": "BID",
"id": "77105"
},
{
"date": "2015-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"date": "2015-10-16T01:45:00",
"db": "PACKETSTORM",
"id": "133995"
},
{
"date": "2015-10-18T19:59:05.183000",
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"date": "2015-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84994"
},
{
"date": "2015-10-15T00:00:00",
"db": "BID",
"id": "77105"
},
{
"date": "2015-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005348"
},
{
"date": "2016-12-08T16:13:46.633000",
"db": "NVD",
"id": "CVE-2015-7033"
},
{
"date": "2015-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Vulnerabilities in products that allow arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-328"
}
],
"trust": 0.6
}
}
VAR-201508-0428
Vulnerability from variot - Updated: 2023-12-18 11:16Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Attackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. Versions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. Office Viewer is one of the ActiveX components for displaying and interacting with Microsoft Office files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team
Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "8.4"
},
{
"model": "iwork",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "8.4.1 (ipod touch first 5 after generation )"
},
{
"model": "iwork",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for ios 2.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (ios 8.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "8.4"
},
{
"model": "iwork",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.5"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple, TaiG Jailbreak Team, Michal Zalewski, John Villamil (@day6reak) from Yahoo Pentest Team, Ilja van Sprundel, Ian Beer of Google Project Zero, Frank Graziano of the Yahoo Pentest Team, Lufeng Li of Qihoo 360, Mathew Rowley, Bruno Morisson of INTEGRIT S.A.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
},
"cve": "CVE-2015-3784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3784",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81745",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3784",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-324",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81745",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. \nAttackers can exploit these issues to obtain sensitive information, execute arbitrary code with system privileges, perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, and perform other attacks. \nVersions prior to iOS 8.4.1 and OS X 10.10.5 are vulnerable. in the United States. Office Viewer is one of the ActiveX components for displaying and interacting with Microsoft Office files. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and\niWork for iOS 2.6\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now\navailable which address the following:\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\ncompromise of user information\nDescription: Multiple input validation issues existed in parsing a\nmaliciously crafted document. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \nCVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted document. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7033 : Felix Groebert of the Google Security Team\n\nPages\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted Pages document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted Pages document. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7034 : Felix Groebert of the Google Security Team\n\nKeynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may\nbe obtained from the App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G\nLDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE\n9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l\nieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I\nPtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd\n5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX\nUyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6\nDY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI\nxjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1\nHn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i\n/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi\nikrC4CqPxEcf3lk6bXKi\n=Zci4\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "PACKETSTORM",
"id": "133995"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3784",
"trust": 2.9
},
{
"db": "BID",
"id": "76343",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1033275",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94440136",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92655282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "133995",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81745",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"id": "VAR-201508-0428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:16:58.262000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"title": "APPLE-SA-2015-08-13-3 iOS 8.4.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205373"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/en-us/ht205031"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht205373"
},
{
"title": "HT205030",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205030"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205031"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00002.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/76343"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht205030"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht205373"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033275"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3784"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94440136/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92655282/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3784"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht205221"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7034"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7033"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81745"
},
{
"db": "BID",
"id": "76343"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-81745"
},
{
"date": "2015-08-13T00:00:00",
"db": "BID",
"id": "76343"
},
{
"date": "2015-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"date": "2015-10-16T01:45:00",
"db": "PACKETSTORM",
"id": "133995"
},
{
"date": "2015-08-16T23:59:56.923000",
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81745"
},
{
"date": "2016-07-06T13:27:00",
"db": "BID",
"id": "76343"
},
{
"date": "2015-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004233"
},
{
"date": "2016-12-24T02:59:15.057000",
"db": "NVD",
"id": "CVE-2015-3784"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS and OS X of Office Viewer Vulnerable to reading arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-324"
}
],
"trust": 0.6
}
}
VAR-201401-0568
Vulnerability from variot - Updated: 2023-12-18 11:10Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Apple Pages is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple Pages is a set of word processing and page layout applications (APP) of Apple (Apple), which supports the creation and sharing of documents, newsletters, reports and many other contents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-03-10-1 iOS 7.1
iOS 7.1 is now available and addresses the following:
Backup Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted backup can alter the filesystem Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem.
Configuration Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Profile expiration dates were not honored Description: Expiration dates of mobile configuration profiles were not evaluated correctly. CVE-ID CVE-2014-1271 : Filippo Bigarella
Crash Reporting Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to change permissions on arbitrary files Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files. CVE-ID CVE-2014-1272 : evad3rs
dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Code signing requirements may be bypassed Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. CVE-ID CVE-2014-1273 : evad3rs
FaceTime Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to access FaceTime contacts from the lock screen Description: FaceTime contacts on a locked device could be exposed by making a failed FaceTime call from the lock screen. CVE-ID CVE-2013-6629 : Michal Zalewski
IOKit HID Event Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may monitor on user actions in other apps Description: An interface in IOKit framework allowed malicious apps to monitor on user actions in other apps. CVE-ID CVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye
iTunes Store Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download Description: An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team
Photos Backend Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Deleted images may still appear in the Photos app underneath transparent images Description: Deleting an image from the asset library did not delete cached versions of the image. CVE-ID CVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams, Tom Pennington
Profiles Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A configuration profile may be hidden from the user Description: A configuration profile with a long name could be loaded onto the device but was not displayed in the profile UI. CVE-ID CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure
Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: User credentials may be disclosed to an unexpected site via autofill Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. CVE-ID CVE-2013-5227 : Niklas Malmgren of Klarna AB
Settings - Accounts Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. CVE-ID CVE-2014-1284
Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see the home screen of the device even if the device has not been activated Description: An unexpected application termination during activation could cause the phone to show the home screen. CVE-ID CVE-2014-1285 : Roboboi99
SpringBoard Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause the lock screen to become unresponsive Description: A state management issue existed in the lock screen. CVE-ID CVE-2014-1286 : Bogdan Alecu of M-sec.net
TelephonyUI Framework Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A webpage could trigger a FaceTime audio call without user interaction Description: Safari did not consult the user before launching facetime-audio:// URLs. CVE-ID CVE-2013-2909 : Atte Kettunen of OUSPG CVE-2013-2926 : cloudfuzzer CVE-2013-2928 : Google Chrome Security Team CVE-2013-5196 : Google Chrome Security Team CVE-2013-5197 : Google Chrome Security Team CVE-2013-5198 : Apple CVE-2013-5199 : Apple CVE-2013-5225 : Google Chrome Security Team CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day Initiative CVE-2013-6625 : cloudfuzzer CVE-2013-6635 : cloudfuzzer CVE-2014-1269 : Apple CVE-2014-1270 : Apple CVE-2014-1289 : Apple CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team CVE-2014-1291 : Google Chrome Security Team CVE-2014-1292 : Google Chrome Security Team CVE-2014-1293 : Google Chrome Security Team CVE-2014-1294 : Google Chrome Security Team
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "7.1". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following:
Apache Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26. CVE-ID CVE-2013-1862 CVE-2013-1896
App Sandbox Available for: OS X Mountain Lion v10.8.5 Impact: The App Sandbox may be bypassed Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of handling of Type 1 fonts. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1254 : Felix Groebert of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1262 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages. CVE-ID CVE-2014-1255 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking. CVE-ID CVE-2014-1256 : Meder Kydyraliev of the Google Security Team
Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Root certificates have been updated Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Cookies Available for: OS X Mountain Lion v10.8.5 Impact: Session cookies may persist even after resetting Safari Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1258 : Karl Smith of NCC Group
CoreText Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking. CVE-ID CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs
curl Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9. CVE-ID CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266
Date and Time Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: An unprivileged user may change the system clock Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock. CVE-ID CVE-2014-1265
File Bookmark Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1259
Finder Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs. CVE-ID CVE-2014-1264
ImageIO Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed by better JPEG handling. CVE-ID CVE-2013-6629 : Michal Zalewski
IOSerialFamily Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5139 : @dent1zt
LaunchServices Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: A file could show the wrong extension Description: An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego
NVIDIA Drivers Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Executing a malicious application could result in arbitrary code execution within the graphics card Description: An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory. CVE-ID CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation Nouveau project CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation Nouveau project
PHP Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.22 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion. CVE-ID CVE-2013-4073 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420
QuickLook Available for: OS X Mountain Lion v10.8.5 Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1260 : Felix Groebert of the Google Security Team
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Downloading a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in QuickLook's handling of Microsoft Word documents. This issue was addressed through improved memory management. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
Secure Transport Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. CVE-ID CVE-2011-3389 : Juliano Rizzo and Thai Duong
OS X Mavericks v10.9.2 includes the content of Safari 7.0.2.
OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6 U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ 3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8 C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI aiYIh+SzR0rBdMZRgyzv =+DAJ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pages",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0"
},
{
"model": "pages",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "pages",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.9.1"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9.1"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (iphone 4 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.1 (ipod touch first 5 after generation )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ios 7 for ) version 2.1 earlier"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(os x for ) version 5.1 earlier"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "65113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:pages:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:pages:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.9.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1252"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Groebert of the Google Security Team",
"sources": [
{
"db": "BID",
"id": "65113"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-1252",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-69191",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1252",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-513",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69191",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file. Apple Pages is prone to a remote code-execution vulnerability. \nA remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple Pages is a set of word processing and page layout applications (APP) of Apple (Apple), which supports the creation and sharing of documents, newsletters, reports and many other contents. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-03-10-1 iOS 7.1\n\niOS 7.1 is now available and addresses the following:\n\nBackup\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted backup can alter the filesystem\nDescription: A symbolic link in a backup would be restored, allowing\nsubsequent operations during the restore to write to the rest of the\nfilesystem. \n\nConfiguration Profiles\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Profile expiration dates were not honored\nDescription: Expiration dates of mobile configuration profiles were\nnot evaluated correctly. \nCVE-ID\nCVE-2014-1271 : Filippo Bigarella\n\nCrash Reporting\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to change permissions on arbitrary\nfiles\nDescription: CrashHouseKeeping followed symbolic links while\nchanging permissions on files. This issue was addressed by not\nfollowing symbolic links when changing permissions on files. \nCVE-ID\nCVE-2014-1272 : evad3rs\n\ndyld\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Code signing requirements may be bypassed\nDescription: Text relocation instructions in dynamic libraries may\nbe loaded by dyld without code signature validation. \nCVE-ID\nCVE-2014-1273 : evad3rs\n\nFaceTime\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\naccess FaceTime contacts from the lock screen\nDescription: FaceTime contacts on a locked device could be exposed\nby making a failed FaceTime call from the lock screen. \nCVE-ID\nCVE-2013-6629 : Michal Zalewski\n\nIOKit HID Event\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may monitor on user actions in other\napps\nDescription: An interface in IOKit framework allowed malicious apps\nto monitor on user actions in other apps. \nCVE-ID\nCVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye\n\niTunes Store\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A man-in-the-middle attacker may entice a user into\ndownloading a malicious app via Enterprise App Download\nDescription: An attacker with a privileged network position could\nspoof network communications to entice a user into downloading a\nmalicious app. This issue was mitigated by using SSL and prompting\nthe user during URL redirects. \nCVE-ID\nCVE-2014-1252 : Felix Groebert of the Google Security Team\n\nPhotos Backend\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Deleted images may still appear in the Photos app underneath\ntransparent images\nDescription: Deleting an image from the asset library did not delete\ncached versions of the image. \nCVE-ID\nCVE-2014-1281 : Walter Hoelblinger of Hoelblinger.com, Morgan Adams,\nTom Pennington\n\nProfiles\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A configuration profile may be hidden from the user\nDescription: A configuration profile with a long name could be\nloaded onto the device but was not displayed in the profile UI. \nCVE-ID\nCVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure\n\nSafari\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: User credentials may be disclosed to an unexpected site via\nautofill\nDescription: Safari may have autofilled user names and passwords\ninto a subframe from a different domain than the main frame. \nCVE-ID\nCVE-2013-5227 : Niklas Malmgren of Klarna AB\n\nSettings - Accounts\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\ndisable Find My iPhone without entering an iCloud password\nDescription: A state management issue existed in the handling of the\nFind My iPhone state. \nCVE-ID\nCVE-2014-1284\n\nSpringboard\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to the device may be able to\nsee the home screen of the device even if the device has not been\nactivated\nDescription: An unexpected application termination during activation\ncould cause the phone to show the home screen. \nCVE-ID\nCVE-2014-1285 : Roboboi99\n\nSpringBoard Lock Screen\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause the lock screen to\nbecome unresponsive\nDescription: A state management issue existed in the lock screen. \nCVE-ID\nCVE-2014-1286 : Bogdan Alecu of M-sec.net\n\nTelephonyUI Framework\nAvailable for: iPhone 4 and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A webpage could trigger a FaceTime audio call without user\ninteraction\nDescription: Safari did not consult the user before launching\nfacetime-audio:// URLs. \nCVE-ID\nCVE-2013-2909 : Atte Kettunen of OUSPG\nCVE-2013-2926 : cloudfuzzer\nCVE-2013-2928 : Google Chrome Security Team\nCVE-2013-5196 : Google Chrome Security Team\nCVE-2013-5197 : Google Chrome Security Team\nCVE-2013-5198 : Apple\nCVE-2013-5199 : Apple\nCVE-2013-5225 : Google Chrome Security Team\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP\u0027s Zero Day\nInitiative\nCVE-2013-6625 : cloudfuzzer\nCVE-2013-6635 : cloudfuzzer\nCVE-2014-1269 : Apple\nCVE-2014-1270 : Apple\nCVE-2014-1289 : Apple\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP\u0027s Zero Day\nInitiative, Google Chrome Security Team\nCVE-2014-1291 : Google Chrome Security Team\nCVE-2014-1292 : Google Chrome Security Team\nCVE-2014-1293 : Google Chrome Security Team\nCVE-2014-1294 : Google Chrome Security Team\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.1\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update\n2014-001\n\nOS X Mavericks 10.9.2 and Security Update 2014-001 is now available\nand addresses the following:\n\nApache\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to cross-site scripting. These issues were\naddressed by updating Apache to version 2.2.26. \nCVE-ID\nCVE-2013-1862\nCVE-2013-1896\n\nApp Sandbox\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: The App Sandbox may be bypassed\nDescription: The LaunchServices interface for launching an\napplication allowed sandboxed apps to specify the list of arguments\npassed to the new process. A compromised sandboxed application could\nabuse this to bypass the sandbox. This issue was addressed by\npreventing sandboxed applications from specifying arguments. This\nissue does not affect systems running OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2013-5179 : Friedrich Graeter of The Soulmen GbR\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nhandling of Type 1 fonts. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1254 : Felix Groebert of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A memory corruption issue existed in the handling of\nMach messages passed to ATS. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1262 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: An arbitrary free issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed through additional\nvalidation of Mach messages. \nCVE-ID\nCVE-2014-1255 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A buffer overflow issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed by additional bounds\nchecking. \nCVE-ID\nCVE-2014-1256 : Meder Kydyraliev of the Google Security Team\n\nCertificate Trust Policy\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Root certificates have been updated\nDescription: The set of system root certificates has been updated. \nThe complete list of recognized system roots may be viewed via the\nKeychain Access application. \n\nCFNetwork Cookies\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Session cookies may persist even after resetting Safari\nDescription: Resetting Safari did not always delete session cookies\nuntil Safari was closed. This issue was addressed through improved\nhandling of session cookies. This issue does not affect systems\nrunning OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Visiting a maliciously crafted site may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreAnimation\u0027s\nhandling of images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1258 : Karl Smith of NCC Group\n\nCoreText\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in CoreText in the handling\nof Unicode fonts. This issue is addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs\n\ncurl\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: When using curl to connect to an HTTPS URL containing\nan IP address, the IP address was not validated against the\ncertificate. This issue does not affect systems prior to OS X\nMavericks v10.9. \nCVE-ID\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\n\nData Security\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription: Secure Transport failed to validate the authenticity of\nthe connection. This issue was addressed by restoring missing\nvalidation steps. \nCVE-ID\nCVE-2014-1266\n\nDate and Time\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: An unprivileged user may change the system clock\nDescription: This update changes the behavior of the systemsetup\ncommand to require administrator privileges to change the system\nclock. \nCVE-ID\nCVE-2014-1265\n\nFile Bookmark\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a file with a maliciously crafted name may lead to\nan unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of file\nnames. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1259\n\nFinder\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Accessing a file\u0027s ACL via Finder may lead to other users\ngaining unauthorized access to files\nDescription: Accessing a file\u0027s ACL via Finder may corrupt the ACLs\non the file. This issue was addressed through improved handling of\nACLs. \nCVE-ID\nCVE-2014-1264\n\nImageIO\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted JPEG file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nlibjpeg\u0027s handling of JPEG markers, resulting in the disclosure of\nmemory contents. This issue was addressed by better JPEG handling. \nCVE-ID\nCVE-2013-6629 : Michal Zalewski\n\nIOSerialFamily\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. This issue does not affect systems running OS X\nMavericks v10.9 or later. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nLaunchServices\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: A file could show the wrong extension\nDescription: An issue existed in the handling of certain unicode\ncharacters that could allow filenames to show incorrect extensions. \nThe issue was addressed by filtering unsafe unicode characters from\ndisplay in filenames. This issue does not affect systems running OS X\nMavericks v10.9 or later. \nCVE-ID\nCVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre\nof Intego\n\nNVIDIA Drivers\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Executing a malicious application could result in arbitrary\ncode execution within the graphics card\nDescription: An issue existed that allowed writes to some trusted\nmemory on the graphics card. This issue was addressed by removing the\nability of the host to write to that memory. \nCVE-ID\nCVE-2013-5986 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\nCVE-2013-5987 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\n\nPHP\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP, the most\nserious of which may have led to arbitrary code execution. These\nissues were addressed by updating PHP to version 5.4.22 on OS X\nMavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion. \nCVE-ID\nCVE-2013-4073\nCVE-2013-4113\nCVE-2013-4248\nCVE-2013-6420\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Downloading a maliciously crafted Microsoft Office file may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in QuickLook\u0027s\nhandling of Microsoft Office files. Downloading a maliciously crafted\nMicrosoft Office file may have led to an unexpected application\ntermination or arbitrary code execution. This issue does not affect\nsystems running OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2014-1260 : Felix Groebert of the Google Security Team\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Downloading a maliciously crafted Microsoft Word document\nmay lead to an unexpected application termination or arbitrary code\nexecution\nDescription: A double free issue existed in QuickLook\u0027s handling of\nMicrosoft Word documents. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2014-1252 : Felix Groebert of the Google Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ftab\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1246 : An anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027dref\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1247 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ldat\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted PSD image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PSD\nimages. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1249 : dragonltx of Tencent Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out of bounds byte swapping issue existed in the\nhandling of \u0027ttfo\u0027 elements. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of \u0027stsz\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1245 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nSecure Transport\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There were known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. \nTo address these issues for applications using Secure Transport, the\n1-byte fragment mitigation was enabled by default for this\nconfiguration. \nCVE-ID\nCVE-2011-3389 : Juliano Rizzo and Thai Duong\n\nOS X Mavericks v10.9.2 includes the content of Safari 7.0.2. \n\nOS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from \nthe Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn\nmlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6\nU0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb\nOlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ\n3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8\nC6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY\nY7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O\nt2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX\niB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ\nq5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv\nkBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI\naiYIh+SzR0rBdMZRgyzv\n=+DAJ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "BID",
"id": "65113"
},
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "PACKETSTORM",
"id": "125644"
},
{
"db": "PACKETSTORM",
"id": "125427"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1252",
"trust": 3.0
},
{
"db": "BID",
"id": "65113",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "102460",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56615",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56630",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1029683",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94229445",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95868425",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90143917",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-69191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125644",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125427",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "BID",
"id": "65113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "PACKETSTORM",
"id": "125644"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"id": "VAR-201401-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69191"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:10:17.764000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2014-02-25-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/feb/msg00000.html"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6150"
},
{
"title": "HT6162",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6162"
},
{
"title": "HT6117",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6117"
},
{
"title": "HT6117",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6117?viewlocale=ja_jp"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6150?viewlocale=ja_jp"
},
{
"title": "HT6162",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht6162?viewlocale=ja_jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6117"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65113"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht6162"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102460"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029683"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56615"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56630"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1252"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90143917/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95868425/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94229445/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1252"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629"
},
{
"trust": 0.2,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1252"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1274"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1276"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5198"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1273"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6835"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1245"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "BID",
"id": "65113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "PACKETSTORM",
"id": "125644"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69191"
},
{
"db": "BID",
"id": "65113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"db": "PACKETSTORM",
"id": "125644"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-69191"
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65113"
},
{
"date": "2014-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"date": "2014-03-11T02:13:44",
"db": "PACKETSTORM",
"id": "125644"
},
{
"date": "2014-02-26T22:21:07",
"db": "PACKETSTORM",
"id": "125427"
},
{
"date": "2014-01-24T15:08:00.933000",
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-69191"
},
{
"date": "2014-03-11T00:33:00",
"db": "BID",
"id": "65113"
},
{
"date": "2014-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001239"
},
{
"date": "2017-08-29T01:34:24.123000",
"db": "NVD",
"id": "CVE-2014-1252"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Pages Updates for vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-513"
}
],
"trust": 0.6
}
}
VAR-201510-0189
Vulnerability from variot - Updated: 2023-12-18 11:09The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. plural Apple The product contains a vulnerability that could capture important information.It is possible for a third party to obtain important information through crafted documents. Multiple Apple Products are prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. This issue is fixed in: Keynote 6.6 Pages 5.6 Numbers 3.6 iWork for iOS 2.6. in the United States. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team
Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pages",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iwork",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "numbers",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.5"
},
{
"model": "keynote",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.5"
},
{
"model": "numbers",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "3.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.5"
},
{
"model": "iwork",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for ios 2.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (ios 8.4 or later )"
},
{
"model": "keynote",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (ios 8.4 or later )"
},
{
"model": "numbers",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (ios 8.4 or later )"
},
{
"model": "pages",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "5.6 (os x yosemite v10.10.4 or later )"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.5.3"
},
{
"model": "iwork",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.5.4"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "pages",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "numbers for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "keynote",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iwork for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "pages",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "5.6"
},
{
"model": "numbers",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.6"
},
{
"model": "keynote",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.6"
},
{
"model": "iwork for ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2.6"
}
],
"sources": [
{
"db": "BID",
"id": "77104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard).",
"sources": [
{
"db": "BID",
"id": "77104"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7032",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84993",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7032",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84993",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document. plural Apple The product contains a vulnerability that could capture important information.It is possible for a third party to obtain important information through crafted documents. Multiple Apple Products are prone to an information-disclosure vulnerability. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. \nThis issue is fixed in:\nKeynote 6.6\nPages 5.6\nNumbers 3.6\niWork for iOS 2.6. in the United States. These issues were addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \nCVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nKeynote, Pages, and Numbers\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted document. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-7033 : Felix Groebert of the Google Security Team\n\nPages\nAvailable for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later\nImpact: Opening a maliciously crafted Pages document may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing a\nmaliciously crafted Pages document. This issue was addressed through\nimproved memory handling. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G\nLDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE\n9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l\nieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I\nPtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd\n5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX\nUyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6\nDY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI\nxjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1\nHn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i\n/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi\nikrC4CqPxEcf3lk6bXKi\n=Zci4\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "BID",
"id": "77104"
},
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "PACKETSTORM",
"id": "133995"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7032",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1033826",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033825",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1033823",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92655282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327",
"trust": 0.7
},
{
"db": "BID",
"id": "77104",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84993",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133995",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "BID",
"id": "77104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"id": "VAR-201510-0189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84993"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:09:04.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205373"
},
{
"title": "HT205373",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205373"
},
{
"title": "Multiple Apple Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58175"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00000.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205373"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033823"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033825"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033826"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7032"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92655282/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7032"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-in/ht205373"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7034"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7033"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "BID",
"id": "77104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84993"
},
{
"db": "BID",
"id": "77104"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"db": "PACKETSTORM",
"id": "133995"
},
{
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-84993"
},
{
"date": "2015-10-16T00:00:00",
"db": "BID",
"id": "77104"
},
{
"date": "2015-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"date": "2015-10-16T01:45:00",
"db": "PACKETSTORM",
"id": "133995"
},
{
"date": "2015-10-18T19:59:04.040000",
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"date": "2015-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84993"
},
{
"date": "2015-10-16T00:00:00",
"db": "BID",
"id": "77104"
},
{
"date": "2015-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005347"
},
{
"date": "2016-12-08T16:13:17.207000",
"db": "NVD",
"id": "CVE-2015-7032"
},
{
"date": "2015-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Vulnerability in obtaining important information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005347"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-327"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-2391
Vulnerability from fkie_nvd - Published: 2017-04-02 01:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "273F12FD-AAC9-46B3-82F3-EB35BC2E8D2F",
"versionEndIncluding": "7.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "4812E8C9-77B5-4CF4-B607-0A8F06FB4FDA",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:mac_os_x:*:*",
"matchCriteriaId": "BA958C04-7A2F-4C2F-B4B6-8FA4B23E9C21",
"versionEndIncluding": "6.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1BDD2098-B985-4C76-9248-B8CFD4B3ABA1",
"versionEndIncluding": "3.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "CB559D00-B617-4F94-9B8D-47959517BBBD",
"versionEndIncluding": "3.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B1919558-5038-4EA3-88C1-4FD359B1537E",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. Pages en versiones anteriores a 6.1, Numbers en versiones anteriores a 4.1 y Keynote en versiones anteriores a 7.1 en macOS y Pages en versiones anteriores a 3.1, Numbers en versiones anteriores a 3.1 y Keynote en versiones anteriores a 3.1 en iOS est\u00e1n afectados. El problema involucra al componente \"Export\". Esto permite a usuarios eludir la protecci\u00f3n de contrase\u00f1a iWork PDF aprovechando el uso de 40-bit RC4."
}
],
"id": "CVE-2017-2391",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T01:59:00.667",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97126"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038134"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038135"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038136"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207595"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7034
Vulnerability from fkie_nvd - Published: 2015-10-18 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html | Vendor Advisory | |
| product-security@apple.com | http://www.securitytracker.com/id/1033821 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://support.apple.com/HT205373 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033821 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT205373 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D18EAE-3E40-4E8B-8276-6A96B7874DDD",
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE816C24-5B72-4913-8BB2-A30730631937",
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Apple iWork en versiones anteriores a 2.6 para iOS y Apple Pages en versiones anteriores a 5.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un documento Pages manipulado."
}
],
"id": "CVE-2015-7034",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-18T19:59:06.293",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7033
Vulnerability from fkie_nvd - Published: 2015-10-18 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10874393-972D-434A-A4D8-958BBE93B19A",
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE816C24-5B72-4913-8BB2-A30730631937",
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2649-1CD1-4F36-9C0B-5B47CDCB55CB",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D18EAE-3E40-4E8B-8276-6A96B7874DDD",
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Apple iWork en versiones anteriores a 2.6 para iOS, Apple Keynote en versiones anteriores a 6.6, Apple Pages en versiones anteriores a 5.6 y Apple Numbers en versiones anteriores a 3.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un documento manipulado."
}
],
"id": "CVE-2015-7033",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-18T19:59:05.183",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7032
Vulnerability from fkie_nvd - Published: 2015-10-18 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10874393-972D-434A-A4D8-958BBE93B19A",
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D18EAE-3E40-4E8B-8276-6A96B7874DDD",
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE816C24-5B72-4913-8BB2-A30730631937",
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2649-1CD1-4F36-9C0B-5B47CDCB55CB",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Apple iWork en versiones anteriores a 2.6 para iOS, Apple Keynote en versiones anteriores a 6.6, Apple Pages en versiones anteriores a 5.6 y Apple Numbers en versiones anteriores a 3.6 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un documento manipulado."
}
],
"id": "CVE-2015-7032",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-18T19:59:04.040",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3784
Vulnerability from fkie_nvd - Published: 2015-08-16 23:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D52ECBD-7375-4FC9-BE05-2354EEA1332F",
"versionEndIncluding": "8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:numbers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10874393-972D-434A-A4D8-958BBE93B19A",
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A2649-1CD1-4F36-9C0B-5B47CDCB55CB",
"versionEndIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:pages:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE816C24-5B72-4913-8BB2-A30730631937",
"versionEndIncluding": "5.5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:iwork:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D18EAE-3E40-4E8B-8276-6A96B7874DDD",
"versionEndIncluding": "2.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
},
{
"lang": "es",
"value": "Vulnerabilidad en Office Viewer en Apple iOS en versiones anteriores a 8.4.1 y OS X en versiones anteriores a 10.10.5, permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionada con un problema de entidad externa XML (XXE)."
}
],
"id": "CVE-2015-3784",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-16T23:59:56.923",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/76343"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT205373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-1252
Vulnerability from fkie_nvd - Published: 2014-01-24 15:08 - Updated: 2025-04-11 00:51
Severity ?
Summary
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:pages:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89533ECC-3866-400C-A3E0-3A46E5C850A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCBFCCB1-7621-4670-9C88-84021E472694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2BEDE7-0805-4124-B1C8-55D1CD406B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3204B1BD-5E90-46C1-9CDD-E4F71ED21090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:pages:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A49033F-9608-4F5C-9CF3-5EE525BAB88C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8303A91-5C8F-4709-83D6-3D211F9C57EE",
"versionEndIncluding": "10.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F18A638-28CD-4D5C-86EB-74CE423FBE62",
"versionEndIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file."
},
{
"lang": "es",
"value": "Vulnerabilidad de doble liberaci\u00f3n en Apple Pages v2.x anterior a v2.1 y v5.x anterior a v5.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de Microsoft Word manipulado."
}
],
"id": "CVE-2014-1252",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-24T15:08:00.933",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/102460"
},
{
"source": "product-security@apple.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/56615"
},
{
"source": "product-security@apple.com",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/56630"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6117"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://osvdb.org/102460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/56615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/56630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-2391 (GCVE-0-2017-2391)
Vulnerability from cvelistv5 – Published: 2017-04-02 01:36 – Updated: 2024-08-05 13:55
VLAI?
Summary
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:05.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038134"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1038135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038134"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038135",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038134"
},
{
"name": "https://support.apple.com/HT207595",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-2391",
"datePublished": "2017-04-02T01:36:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:05.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7032 (GCVE-0-2015-7032)
Vulnerability from cvelistv5 – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7032",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7033 (GCVE-0-2015-7033)
Vulnerability from cvelistv5 – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7033",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7034 (GCVE-0-2015-7034)
Vulnerability from cvelistv5 – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033821",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7034",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3784 (GCVE-0-2015-3784)
Vulnerability from cvelistv5 – Published: 2015-08-16 23:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:14.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76343"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76343"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-3784",
"datePublished": "2015-08-16T23:00:00",
"dateReserved": "2015-05-07T00:00:00",
"dateUpdated": "2024-08-06T05:56:14.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1252 (GCVE-0-2014-1252)
Vulnerability from cvelistv5 – Published: 2014-01-24 15:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029683"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65113"
},
{
"name": "http://support.apple.com/kb/HT6162",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"refsource": "OSVDB",
"url": "http://osvdb.org/102460"
},
{
"name": "http://support.apple.com/kb/HT6117",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-1252",
"datePublished": "2014-01-24T15:00:00",
"dateReserved": "2014-01-08T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2391 (GCVE-0-2017-2391)
Vulnerability from nvd – Published: 2017-04-02 01:36 – Updated: 2024-08-05 13:55
VLAI?
Summary
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:05.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038134"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1038135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038134"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the \"Export\" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038135",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038135"
},
{
"name": "1038134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038134"
},
{
"name": "https://support.apple.com/HT207595",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207595"
},
{
"name": "1038136",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038136"
},
{
"name": "97126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-2391",
"datePublished": "2017-04-02T01:36:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:05.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7032 (GCVE-0-2015-7032)
Vulnerability from nvd – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7032",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7033 (GCVE-0-2015-7033)
Vulnerability from nvd – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033823"
},
{
"name": "1033825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033825"
},
{
"name": "1033826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033826"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7033",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7034 (GCVE-0-2015-7034)
Vulnerability from nvd – Published: 2015-10-18 19:00 – Updated: 2024-08-06 07:36
VLAI?
Summary
The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1033821",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-7034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Pages document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033821",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033821"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-7034",
"datePublished": "2015-10-18T19:00:00",
"dateReserved": "2015-09-16T00:00:00",
"dateUpdated": "2024-08-06T07:36:35.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3784 (GCVE-0-2015-3784)
Vulnerability from nvd – Published: 2015-08-16 23:00 – Updated: 2024-08-06 05:56
VLAI?
Summary
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:56:14.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76343"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76343"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205373"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "APPLE-SA-2015-10-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
},
{
"name": "https://support.apple.com/HT205373",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205373"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-3784",
"datePublished": "2015-08-16T23:00:00",
"dateReserved": "2015-05-07T00:00:00",
"dateUpdated": "2024-08-06T05:56:14.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1252 (GCVE-0-2014-1252)
Vulnerability from nvd – Published: 2014-01-24 15:00 – Updated: 2024-08-06 09:34
VLAI?
Summary
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:34:41.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029683"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6117"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-pages-cve20141252-code-exec(90672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90672"
},
{
"name": "1029683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029683"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "56630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56630"
},
{
"name": "56615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56615"
},
{
"name": "65113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65113"
},
{
"name": "http://support.apple.com/kb/HT6162",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6162"
},
{
"name": "102460",
"refsource": "OSVDB",
"url": "http://osvdb.org/102460"
},
{
"name": "http://support.apple.com/kb/HT6117",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6117"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-1252",
"datePublished": "2014-01-24T15:00:00",
"dateReserved": "2014-01-08T00:00:00",
"dateUpdated": "2024-08-06T09:34:41.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}