Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-4591 (GCVE-0-2016-4591)
Vulnerability from cvelistv5 – Published: 2016-07-22 01:00 – Updated: 2024-08-06 00:32
VLAI?
EPSS
Summary
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "91830",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91830"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206900"
},
{
"name": "1036343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036343"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206902"
},
{
"name": "APPLE-SA-2016-07-18-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2016-07-18-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "91830",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91830"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206900"
},
{
"name": "1036343",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036343"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206905"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206902"
},
{
"name": "APPLE-SA-2016-07-18-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "91830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91830"
},
{
"name": "https://support.apple.com/HT206900",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206900"
},
{
"name": "1036343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036343"
},
{
"name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "APPLE-SA-2016-07-18-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4591",
"datePublished": "2016-07-22T01:00:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"461EFB63-7933-488C-BB4E-7C913364F5A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.1.2\", \"matchCriteriaId\": \"7B608DDE-2886-440E-A78B-4B6305BE37E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.3\", \"matchCriteriaId\": \"58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.2\", \"matchCriteriaId\": \"DE82A10D-FF16-469F-9CC0-D97EE6B694BA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localizaci\\u00f3n, lo que permite a atacantes remotos acceder al sistema de archivos local a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2016-4591",
"lastModified": "2024-11-21T02:52:34.400",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-07-22T02:59:14.473",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/539295/100/0/threaded\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/91830\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036343\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT206900\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206902\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206905\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/539295/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/91830\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036343\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT206900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206905\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-4591\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-07-22T02:59:14.473\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localizaci\u00f3n, lo que permite a atacantes remotos acceder al sistema de archivos local a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461EFB63-7933-488C-BB4E-7C913364F5A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.1.2\",\"matchCriteriaId\":\"7B608DDE-2886-440E-A78B-4B6305BE37E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.2\",\"matchCriteriaId\":\"DE82A10D-FF16-469F-9CC0-D97EE6B694BA\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/539295/100/0/threaded\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/91830\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036343\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT206900\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206902\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206905\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/539295/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/91830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036343\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT206900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206905\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GSD-2016-4591
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-4591",
"description": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
"id": "GSD-2016-4591",
"references": [
"https://www.suse.com/security/cve/CVE-2016-4591.html",
"https://ubuntu.com/security/CVE-2016-4591",
"https://advisories.mageia.org/CVE-2016-4591.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-4591"
],
"details": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
"id": "GSD-2016-4591",
"modified": "2023-12-13T01:21:18.636389Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "91830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91830"
},
{
"name": "https://support.apple.com/HT206900",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206900"
},
{
"name": "1036343",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036343"
},
{
"name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206902"
},
{
"name": "APPLE-SA-2016-07-18-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.2",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4591"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2016-07-18-2",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"name": "APPLE-SA-2016-07-18-4",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"name": "https://support.apple.com/HT206905",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"name": "https://support.apple.com/HT206902",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"name": "APPLE-SA-2016-07-18-5",
"refsource": "APPLE",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
},
{
"name": "https://support.apple.com/HT206900",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206900"
},
{
"name": "91830",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91830"
},
{
"name": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"name": "1036343",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036343"
},
{
"name": "20160825 WebKitGTK+ Security Advisory WSA-2016-0005",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-03-25T17:04Z",
"publishedDate": "2016-07-22T02:59Z"
}
}
}
GHSA-528C-RRJ8-7MCH
Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2022-05-14 01:16
VLAI?
Details
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2016-4591"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-22T02:59:00Z",
"severity": "HIGH"
},
"details": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
"id": "GHSA-528c-rrj8-7mch",
"modified": "2022-05-14T01:16:36Z",
"published": "2022-05-14T01:16:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4591"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206900"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206902"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT206905"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91830"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036343"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2016-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple tvOS versions antérieures à 9.2.2 | ||
| Apple | N/A | Apple iTunes pour Windows versions antérieures à 12.4.2 | ||
| Apple | N/A | Apple iCloud pour Windows versions antérieures à 5.2.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 9.1.2 | ||
| Apple | N/A | Apple watchOS versions antérieures à 2.2.2 | ||
| Apple | N/A | Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004 | ||
| Apple | N/A | Apple iOS versions antérieures à 9.3.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
},
{
"name": "CVE-2016-1865",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
},
{
"name": "CVE-2016-4584",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
},
{
"name": "CVE-2016-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
},
{
"name": "CVE-2016-4629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
},
{
"name": "CVE-2016-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
},
{
"name": "CVE-2016-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
},
{
"name": "CVE-2016-4646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
},
{
"name": "CVE-2016-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
},
{
"name": "CVE-2016-4582",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2016-4595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-4589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
},
{
"name": "CVE-2016-4627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
},
{
"name": "CVE-2016-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
},
{
"name": "CVE-2016-4631",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
},
{
"name": "CVE-2016-4615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
},
{
"name": "CVE-2016-4632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2016-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
},
{
"name": "CVE-2016-4621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
},
{
"name": "CVE-2016-4592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-4624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
},
{
"name": "CVE-2016-4634",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2016-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
},
{
"name": "CVE-2016-4596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
},
{
"name": "CVE-2016-4588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
},
{
"name": "CVE-2016-4597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
},
{
"name": "CVE-2016-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
},
{
"name": "CVE-2016-4633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
},
{
"name": "CVE-2016-4587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
},
{
"name": "CVE-2016-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
},
{
"name": "CVE-2016-4652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
},
{
"name": "CVE-2016-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-4594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
},
{
"name": "CVE-2016-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
},
{
"name": "CVE-2016-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
},
{
"name": "CVE-2016-4647",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
},
{
"name": "CVE-2016-4583",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
},
{
"name": "CVE-2014-9862",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
},
{
"name": "CVE-2016-4625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
},
{
"name": "CVE-2016-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
},
{
"name": "CVE-2016-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
},
{
"name": "CVE-2016-4640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
},
{
"name": "CVE-2016-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
},
{
"name": "CVE-2016-4585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
},
{
"name": "CVE-2016-4593",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
},
{
"name": "CVE-2016-4635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4638",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
},
{
"name": "CVE-2016-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
},
{
"name": "CVE-2016-4591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
},
{
"name": "CVE-2016-4630",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
},
{
"name": "CVE-2016-4604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
},
{
"name": "CVE-2016-4628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
},
{
"name": "CVE-2016-4626",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
},
{
"name": "CVE-2016-4651",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
},
{
"name": "CVE-2016-4483",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-239",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206902"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206905"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206901"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206904"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206899"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206900"
}
]
}
CERTFR-2016-AVI-239
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple tvOS versions antérieures à 9.2.2 | ||
| Apple | N/A | Apple iTunes pour Windows versions antérieures à 12.4.2 | ||
| Apple | N/A | Apple iCloud pour Windows versions antérieures à 5.2.1 | ||
| Apple | Safari | Apple Safari versions antérieures à 9.1.2 | ||
| Apple | N/A | Apple watchOS versions antérieures à 2.2.2 | ||
| Apple | N/A | Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004 | ||
| Apple | N/A | Apple iOS versions antérieures à 9.3.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
},
{
"name": "CVE-2016-1865",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
},
{
"name": "CVE-2016-4584",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
},
{
"name": "CVE-2016-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2016-4648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
},
{
"name": "CVE-2016-4629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
},
{
"name": "CVE-2016-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
},
{
"name": "CVE-2016-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
},
{
"name": "CVE-2016-4646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
},
{
"name": "CVE-2016-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
},
{
"name": "CVE-2016-4582",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2016-4595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-4589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
},
{
"name": "CVE-2016-4627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
},
{
"name": "CVE-2016-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
},
{
"name": "CVE-2016-4631",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
},
{
"name": "CVE-2016-4615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
},
{
"name": "CVE-2016-4632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2016-4649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
},
{
"name": "CVE-2016-4621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
},
{
"name": "CVE-2016-4592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-4624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
},
{
"name": "CVE-2016-4634",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2016-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
},
{
"name": "CVE-2016-4596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
},
{
"name": "CVE-2016-4588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2016-4637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
},
{
"name": "CVE-2016-4597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
},
{
"name": "CVE-2016-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
},
{
"name": "CVE-2016-4633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2016-4605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
},
{
"name": "CVE-2016-4587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
},
{
"name": "CVE-2016-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
},
{
"name": "CVE-2016-4652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
},
{
"name": "CVE-2016-4586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2016-4594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
},
{
"name": "CVE-2016-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
},
{
"name": "CVE-2016-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
},
{
"name": "CVE-2016-4647",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
},
{
"name": "CVE-2016-4583",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
},
{
"name": "CVE-2014-9862",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
},
{
"name": "CVE-2016-4625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
},
{
"name": "CVE-2016-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
},
{
"name": "CVE-2016-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
},
{
"name": "CVE-2016-4640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
},
{
"name": "CVE-2016-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
},
{
"name": "CVE-2016-4585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
},
{
"name": "CVE-2016-4593",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
},
{
"name": "CVE-2016-4635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2016-4638",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
},
{
"name": "CVE-2016-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
},
{
"name": "CVE-2016-4591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
},
{
"name": "CVE-2016-4630",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
},
{
"name": "CVE-2016-4604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-4622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
},
{
"name": "CVE-2016-4628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
},
{
"name": "CVE-2016-4626",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
},
{
"name": "CVE-2016-4651",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
},
{
"name": "CVE-2016-4483",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-239",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206902"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206905"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206903"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206901"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206904"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206899"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
"url": "https://support.apple.com/en-us/HT206900"
}
]
}
OPENSUSE-SU-2024:10572-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libjavascriptcoregtk-4_0-18-2.14.2-2.1 on GA media
Notes
Title of the patch
libjavascriptcoregtk-4_0-18-2.14.2-2.1 on GA media
Description of the patch
These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.14.2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libjavascriptcoregtk-4_0-18-2.14.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libjavascriptcoregtk-4_0-18-2.14.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10572",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10572-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1856 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1857 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4590 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4591 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4622 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4624 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4624/"
}
],
"title": "libjavascriptcoregtk-4_0-18-2.14.2-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10572-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"product_id": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"product_id": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"product": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"product_id": "libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"product": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"product_id": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"product": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"product_id": "libwebkit2gtk3-lang-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"product_id": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.14.2-2.1.aarch64",
"product": {
"name": "webkit-jsc-4-2.14.2-2.1.aarch64",
"product_id": "webkit-jsc-4-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"product_id": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.14.2-2.1.aarch64",
"product": {
"name": "webkit2gtk3-devel-2.14.2-2.1.aarch64",
"product_id": "webkit2gtk3-devel-2.14.2-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"product": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"product_id": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"product_id": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"product": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"product_id": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"product": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"product_id": "libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"product": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"product_id": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"product": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"product_id": "libwebkit2gtk3-lang-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"product_id": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.14.2-2.1.ppc64le",
"product": {
"name": "webkit-jsc-4-2.14.2-2.1.ppc64le",
"product_id": "webkit-jsc-4-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"product_id": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"product": {
"name": "webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"product_id": "webkit2gtk3-devel-2.14.2-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"product": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"product_id": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"product_id": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"product": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"product_id": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"product": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"product_id": "libwebkit2gtk-4_0-37-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"product": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"product_id": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"product": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"product_id": "libwebkit2gtk3-lang-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"product_id": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.14.2-2.1.s390x",
"product": {
"name": "webkit-jsc-4-2.14.2-2.1.s390x",
"product_id": "webkit-jsc-4-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"product_id": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.14.2-2.1.s390x",
"product": {
"name": "webkit2gtk3-devel-2.14.2-2.1.s390x",
"product_id": "webkit2gtk3-devel-2.14.2-2.1.s390x"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"product": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"product_id": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"product_id": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"product": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"product_id": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"product": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"product_id": "libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"product": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"product_id": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"product": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"product_id": "libwebkit2gtk3-lang-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"product": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"product_id": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"product": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"product_id": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"product": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"product_id": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit-jsc-4-2.14.2-2.1.x86_64",
"product": {
"name": "webkit-jsc-4-2.14.2-2.1.x86_64",
"product_id": "webkit-jsc-4-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"product": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"product_id": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-2.14.2-2.1.x86_64",
"product": {
"name": "webkit2gtk3-devel-2.14.2-2.1.x86_64",
"product_id": "webkit2gtk3-devel-2.14.2-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64",
"product": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64",
"product_id": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le"
},
"product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x"
},
"product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64"
},
"product_reference": "libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64"
},
"product_reference": "libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le"
},
"product_reference": "libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x"
},
"product_reference": "libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64"
},
"product_reference": "libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64"
},
"product_reference": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le"
},
"product_reference": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x"
},
"product_reference": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64"
},
"product_reference": "libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64"
},
"product_reference": "libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le"
},
"product_reference": "libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x"
},
"product_reference": "libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libwebkit2gtk3-lang-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64"
},
"product_reference": "libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64"
},
"product_reference": "typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64"
},
"product_reference": "typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64"
},
"product_reference": "typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64"
},
"product_reference": "webkit-jsc-4-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le"
},
"product_reference": "webkit-jsc-4-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x"
},
"product_reference": "webkit-jsc-4-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit-jsc-4-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64"
},
"product_reference": "webkit-jsc-4-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64"
},
"product_reference": "webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64"
},
"product_reference": "webkit2gtk3-devel-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le"
},
"product_reference": "webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x"
},
"product_reference": "webkit2gtk3-devel-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64"
},
"product_reference": "webkit2gtk3-devel-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64"
},
"product_reference": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le"
},
"product_reference": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x"
},
"product_reference": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
},
"product_reference": "webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1856"
}
],
"notes": [
{
"category": "general",
"text": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1856",
"url": "https://www.suse.com/security/cve/CVE-2016-1856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1856"
},
{
"cve": "CVE-2016-1857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1857"
}
],
"notes": [
{
"category": "general",
"text": "WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1857",
"url": "https://www.suse.com/security/cve/CVE-2016-1857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1857"
},
{
"cve": "CVE-2016-4590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4590"
}
],
"notes": [
{
"category": "general",
"text": "WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4590",
"url": "https://www.suse.com/security/cve/CVE-2016-4590"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-4590"
},
{
"cve": "CVE-2016-4591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4591"
}
],
"notes": [
{
"category": "general",
"text": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4591",
"url": "https://www.suse.com/security/cve/CVE-2016-4591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-4591"
},
{
"cve": "CVE-2016-4622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4622"
}
],
"notes": [
{
"category": "general",
"text": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4622",
"url": "https://www.suse.com/security/cve/CVE-2016-4622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-4622"
},
{
"cve": "CVE-2016-4624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4624"
}
],
"notes": [
{
"category": "general",
"text": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4624",
"url": "https://www.suse.com/security/cve/CVE-2016-4624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libjavascriptcoregtk-4_0-18-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk-4_0-37-32bit-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:libwebkit2gtk3-lang-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-JavaScriptCore-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-WebKit2WebExtension-4_0-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit-jsc-4-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk-4_0-injected-bundles-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-devel-2.14.2-2.1.x86_64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.aarch64",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.ppc64le",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.s390x",
"openSUSE Tumbleweed:webkit2gtk3-plugin-process-gtk2-2.14.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-4624"
}
]
}
VAR-201607-0335
Vulnerability from variot - Updated: 2023-12-18 10:52WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Apple iOS , Safari ,and tvOS Used in etc. WebKit Contains a vulnerability in which the local file system is accessed due to incorrect handling of position variables. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party could access your local file system. Attackers can exploit these issues to execute arbitrary code, gain sensitive information or steal cookie-based authentication credentials and launch other attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. =========================================================================== Ubuntu Security Notice USN-3079-1 September 14, 2016
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3079-1 CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1
. (www.mbsd.jp)
Safari 9.1.2 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0005
Date reported : August 25, 2016 Advisory ID : WSA-2016-0005 Advisory URL : https://webkitgtk.org/security/WSA-2016-0005.html CVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-4583 Versions affected: WebKitGTK+ before 2.12.2. Credit to Roeland Krak.
CVE-2016-4585 Versions affected: WebKitGTK+ before 2.12.1. (www.mbsd.jp).
CVE-2016-4586 Versions affected: WebKitGTK+ before 2.12.1. Credit to Apple.
CVE-2016-4587 Versions affected: WebKitGTK+ before 2.10.1. Credit to Apple.
CVE-2016-4588 Versions affected: WebKitGTK+ before 2.12.3. Credit to Apple.
CVE-2016-4589 Versions affected: WebKitGTK+ before 2.12.3. Credit to Tongbo Luo and Bo Qu of Palo Alto Networks.
CVE-2016-4590 Versions affected: WebKitGTK+ before 2.12.4. Credit to xisigr of Tencent's Xuanwu Lab (www.tencent.com).
CVE-2016-4591 Versions affected: WebKitGTK+ before 2.12.4. Credit to ma.la of LINE Corporation.
CVE-2016-4592 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mikhail.
CVE-2016-4622 Versions affected: WebKitGTK+ before 2.12.4. Credit to Samuel Gross working with Trend Micro's Zero Day Initiative.
CVE-2016-4623 Versions affected: WebKitGTK+ before 2.12.0. Credit to Apple.
CVE-2016-4624 Versions affected: WebKitGTK+ before 2.12.4. Credit to Apple.
CVE-2016-4651 Versions affected: WebKitGTK+ before 2.12.0. Credit to Obscure. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, August 25, 2016
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-2 iOS 9.3.3
iOS 9.3.3 is now available and addresses the following:
Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center
CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com)
Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)
Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9.3.3".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webkit",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.3.3 (ipod touch first 5 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1.2 (os x el capitan v10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1.2 (os x mavericks v10.9.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1.2 (os x yosemite v10.10.5)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.2 (apple tv first 4 generation )"
},
{
"model": "webkit",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.4"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "directory pro",
"scope": "eq",
"trust": 0.3,
"vendor": "cosmicperl",
"version": "10.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.03"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "91830"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.1.2",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.2",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4591"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roeland Krak, Chris Vienneau, Takeshi Terada of Mitsui Bussan Secure Directions,\nInc, Tongbo Luo and Bo Qu of Palo Alto Networks, ma.la of LINE Corporation, Mikhail, Samuel Gross working with Trend Micro??s Zero Day\nInitiative and Apple.",
"sources": [
{
"db": "BID",
"id": "91830"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4591",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-4591",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-93410",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4591",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4591",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-853",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93410",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. Apple iOS , Safari ,and tvOS Used in etc. WebKit Contains a vulnerability in which the local file system is accessed due to incorrect handling of position variables. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party could access your local file system. \nAttackers can exploit these issues to execute arbitrary code, gain sensitive information or steal cookie-based authentication credentials and launch other attacks. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. \n===========================================================================\nUbuntu Security Notice USN-3079-1\nSeptember 14, 2016\n\nwebkit2gtk vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3079-1\n CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858,\n CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,\n CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591,\n CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1\n\n\n\n. (www.mbsd.jp)\n\nSafari 9.1.2 may be obtained from the Mac App Store. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2016-0005\n------------------------------------------------------------------------\n\nDate reported : August 25, 2016\nAdvisory ID : WSA-2016-0005\nAdvisory URL : https://webkitgtk.org/security/WSA-2016-0005.html\nCVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,\n CVE-2016-4587, CVE-2016-4588, CVE-2016-4589,\n CVE-2016-4590, CVE-2016-4591, CVE-2016-4592,\n CVE-2016-4622, CVE-2016-4623, CVE-2016-4624,\n CVE-2016-4651. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2016-4583\n Versions affected: WebKitGTK+ before 2.12.2. \n Credit to Roeland Krak. \n\nCVE-2016-4585\n Versions affected: WebKitGTK+ before 2.12.1. \n (www.mbsd.jp). \n\nCVE-2016-4586\n Versions affected: WebKitGTK+ before 2.12.1. \n Credit to Apple. \n\nCVE-2016-4587\n Versions affected: WebKitGTK+ before 2.10.1. \n Credit to Apple. \n\nCVE-2016-4588\n Versions affected: WebKitGTK+ before 2.12.3. \n Credit to Apple. \n\nCVE-2016-4589\n Versions affected: WebKitGTK+ before 2.12.3. \n Credit to Tongbo Luo and Bo Qu of Palo Alto Networks. \n\nCVE-2016-4590\n Versions affected: WebKitGTK+ before 2.12.4. \n Credit to xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com). \n\nCVE-2016-4591\n Versions affected: WebKitGTK+ before 2.12.4. \n Credit to ma.la of LINE Corporation. \n\nCVE-2016-4592\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Mikhail. \n\nCVE-2016-4622\n Versions affected: WebKitGTK+ before 2.12.4. \n Credit to Samuel Gross working with Trend Micro\u0027s Zero Day\n Initiative. \n\nCVE-2016-4623\n Versions affected: WebKitGTK+ before 2.12.0. \n Credit to Apple. \n\nCVE-2016-4624\n Versions affected: WebKitGTK+ before 2.12.4. \n Credit to Apple. \n\nCVE-2016-4651\n Versions affected: WebKitGTK+ before 2.12.0. \n Credit to Obscure. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nAugust 25, 2016\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-2 iOS 9.3.3\n\niOS 9.3.3 is now available and addresses the following:\n\nCalendar\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted calendar invite may cause a device to\nunexpectedly restart\nDescription: A null pointer dereference was addressed through\nimproved memory handling. \nCVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical\nCenter\n\nCoreGraphics\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nFaceTime\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses to invalid ports may have allowed a\nmalicious website to display an arbitrary domain while displaying\narbitrary content. This issue was addressed through improved URL\ndisplay logic. \nCVE-2016-4604 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com)\n\nSandbox Profiles\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nSiri Contacts\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to a device may be able to see\nprivate contact information\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed through improved state management. \nCVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)\n\nWeb Media\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Viewing a video in Safari\u0027s Private Browsing mode displays\nthe URL of the video outside of Private Browsing mode\nDescription: A privacy issue existed in the handling of user data by\nSafari View Controller. This issue was addressed through improved\nstate management. \nCVE-2016-4603 : Brian Porter (@portex33)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An origin inheritance issue existed in parsing of\nabout: URLs. This was addressed through improved validation of\nsecurity origins. \nCVE-2016-4590 : xisigr of Tencent\u0027s Xuanwu Lab (www.tencent.com), an\nanonymous researcher\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit JavaScript Bindings\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to script\nexecution in the context of a non-HTTP service\nDescription: A cross-protocol cross-site scripting (XPXSS) issue\nexisted in Safari when submitting forms to non-HTTP services\ncompatible with HTTP/0.9. This issue was addressed by disabling\nscripts and plugins on resources loaded over HTTP/0.9. \nCVE-2016-4651 : Obscure\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9.3.3\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx\nhvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj\nuS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV\n5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1\nlC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S\nCVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1\nH+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6\nSeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo\n4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ\nitACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr\nf9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg\n/esomms9/qUSQyOF2huK\n=zqBF\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "BID",
"id": "91830"
},
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "PACKETSTORM",
"id": "138715"
},
{
"db": "PACKETSTORM",
"id": "137962"
},
{
"db": "PACKETSTORM",
"id": "138502"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4591",
"trust": 3.3
},
{
"db": "BID",
"id": "91830",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "138502",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1036343",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU94844193",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-486",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-16-485",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138715",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137962",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137959",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137961",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "BID",
"id": "91830"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "PACKETSTORM",
"id": "138715"
},
{
"db": "PACKETSTORM",
"id": "137962"
},
{
"db": "PACKETSTORM",
"id": "138502"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"id": "VAR-201607-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93410"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:52:22.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-07-18-5 Safari 9.1.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00004.html"
},
{
"title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206905"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206902"
},
{
"title": "HT206900",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206900"
},
{
"title": "HT206900",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206900"
},
{
"title": "HT206905",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206905"
},
{
"title": "HT206902",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht206902"
},
{
"title": "Multiple Apple Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63213"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/91830"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206900"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206902"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206905"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/138502/webkitgtk-sop-bypass-information-disclosure.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036343"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4591"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94844193/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4591"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4591"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4583"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4589"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4585"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4586"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4590"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4622"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4592"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4587"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-485/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-486/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4623"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4651"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4624"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4588"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4584"
},
{
"trust": 0.3,
"url": "https://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://www.mbsd.jp)"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.tencent.com)"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3079-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1856"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1858"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2016-0005.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://www.mbsd.jp)."
},
{
"trust": 0.1,
"url": "https://www.tencent.com)."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4605"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4604"
},
{
"trust": 0.1,
"url": "https://www.tencent.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4593"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "BID",
"id": "91830"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "PACKETSTORM",
"id": "138715"
},
{
"db": "PACKETSTORM",
"id": "137962"
},
{
"db": "PACKETSTORM",
"id": "138502"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93410"
},
{
"db": "BID",
"id": "91830"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"db": "PACKETSTORM",
"id": "138715"
},
{
"db": "PACKETSTORM",
"id": "137962"
},
{
"db": "PACKETSTORM",
"id": "138502"
},
{
"db": "PACKETSTORM",
"id": "137959"
},
{
"db": "PACKETSTORM",
"id": "137961"
},
{
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93410"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91830"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"date": "2016-09-14T16:52:04",
"db": "PACKETSTORM",
"id": "138715"
},
{
"date": "2016-07-19T20:05:55",
"db": "PACKETSTORM",
"id": "137962"
},
{
"date": "2016-08-25T04:44:44",
"db": "PACKETSTORM",
"id": "138502"
},
{
"date": "2016-07-19T19:47:55",
"db": "PACKETSTORM",
"id": "137959"
},
{
"date": "2016-07-19T20:04:09",
"db": "PACKETSTORM",
"id": "137961"
},
{
"date": "2016-07-22T02:59:14.473000",
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"date": "2016-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93410"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91830"
},
{
"date": "2016-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004058"
},
{
"date": "2019-03-25T17:04:12.390000",
"db": "NVD",
"id": "CVE-2016-4591"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138715"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Local file system access vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004058"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-853"
}
],
"trust": 0.6
}
}
CNVD-2016-05773
Vulnerability from cnvd - Published: 2016-08-01
VLAI Severity ?
Title
多款Apple产品WebKit未授权访问漏洞
Description
Apple iOS、Safari和tvOS都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。WebKit是KDE社区开发的一套开源Web浏览器引擎,目前被Apple Safari及Google Chrome等浏览器使用。
Apple iOS 9.3.3之前版本、Safari 9.1.2之前版本和tvOS 9.2.2之前版本中的WebKit中存在未授权访问漏洞,该漏洞源于程序错误处理location变量。远程攻击者可利用该漏洞访问本地文件系统。
Severity
高
Patch Name
多款Apple产品WebKit未授权访问漏洞的补丁
Patch Description
Apple iOS、Safari和tvOS都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。WebKit是KDE社区开发的一套开源Web浏览器引擎,目前被Apple Safari及Google Chrome等浏览器使用。
Apple iOS 9.3.3之前版本、Safari 9.1.2之前版本和tvOS 9.2.2之前版本中的WebKit中存在未授权访问漏洞,该漏洞源于程序错误处理location变量。远程攻击者可利用该漏洞访问本地文件系统。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: https://support.apple.com/HT206905
Reference
https://support.apple.com/HT206905
Impacted products
| Name | ['Apple IOS <9.3.3', 'Apple tvOS <9.2.2', 'Apple Safari <9.1.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-4591"
}
},
"description": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u9519\u8bef\u5904\u7406location\u53d8\u91cf\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u3002",
"discovererName": "ma.la of LINE Corporation",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/HT206905",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-05773",
"openTime": "2016-08-01",
"patchDescription": "Apple iOS\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 9.3.3\u4e4b\u524d\u7248\u672c\u3001Safari 9.1.2\u4e4b\u524d\u7248\u672c\u548ctvOS 9.2.2\u4e4b\u524d\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u9519\u8bef\u5904\u7406location\u53d8\u91cf\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Apple IOS \u003c9.3.3",
"Apple tvOS \u003c9.2.2",
"Apple Safari \u003c9.1.2"
]
},
"referenceLink": "https://support.apple.com/HT206905",
"serverity": "\u9ad8",
"submitTime": "2016-07-28",
"title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}
FKIE_CVE-2016-4591
Vulnerability from fkie_nvd - Published: 2016-07-22 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "461EFB63-7933-488C-BB4E-7C913364F5A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B608DDE-2886-440E-A78B-4B6305BE37E8",
"versionEndExcluding": "9.1.2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
"versionEndExcluding": "9.3.3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
"versionEndExcluding": "9.2.2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors."
},
{
"lang": "es",
"value": "Webkit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 no maneja correctamente la variable de localizaci\u00f3n, lo que permite a atacantes remotos acceder al sistema de archivos local a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-4591",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-22T02:59:14.473",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91830"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036343"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206900"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/539295/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT206905"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…