Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-2385 (GCVE-0-2017-2385)
Vulnerability from cvelistv5 – Published: 2017-04-02 01:36 – Updated: 2024-08-05 13:55
VLAI?
EPSS
Summary
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:05.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038137",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207600"
},
{
"name": "97136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "1038137",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207600"
},
{
"name": "97136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "97136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-2385",
"datePublished": "2017-04-02T01:36:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:05.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.0.3\", \"matchCriteriaId\": \"825911CC-F341-4198-B830-E7CF701BB88D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \\\"Safari Login AutoFill\\\" component. It allows local users to obtain access to locked keychain items via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. Safari en versiones anteriores a 10.1 est\\u00e1 afectado. El problema involucra al componente \\\"Safari Login AutoFill\\\". Esto permite a usuarios locales obtener acceso a elementos bloqueados del llavero a trav\\u00e9s de vectores no especificados.\"}]",
"id": "CVE-2017-2385",
"lastModified": "2024-11-21T03:23:25.233",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-04-02T01:59:00.513",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/97136\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038137\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207600\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/97136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-2385\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-04-02T01:59:00.513\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \\\"Safari Login AutoFill\\\" component. It allows local users to obtain access to locked keychain items via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. Safari en versiones anteriores a 10.1 est\u00e1 afectado. El problema involucra al componente \\\"Safari Login AutoFill\\\". Esto permite a usuarios locales obtener acceso a elementos bloqueados del llavero a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0.3\",\"matchCriteriaId\":\"825911CC-F341-4198-B830-E7CF701BB88D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97136\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038137\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/97136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CNVD-2017-10992
Vulnerability from cnvd - Published: 2017-06-23
VLAI Severity ?
Title
Apple Safari Safari Login AutoFill组件本地安全绕过漏洞
Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。Safari Login AutoFill是其中的一个Safari登录自动填充组件。
Apple Safari 10.1之前的版本中的Safari Login AutoFill组件存在安全漏洞。本地攻击者可利用该漏洞访问已锁的keychain项目。
Severity
低
Patch Name
Apple Safari Safari Login AutoFill组件本地安全绕过漏洞的补丁
Patch Description
Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。Safari Login AutoFill是其中的一个Safari登录自动填充组件。
Apple Safari 10.1之前的版本中的Safari Login AutoFill组件存在安全漏洞。本地攻击者可利用该漏洞访问已锁的keychain项目。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://www.apple.com/safari/
Reference
http://www.securityfocus.com/bid/97136
https://nvd.nist.gov/vuln/detail/CVE-2017-2385
Impacted products
| Name | Apple Safari <10.1 |
|---|
{
"bids": {
"bid": {
"bidNumber": "97136"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-2385",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2385"
}
},
"description": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari Login AutoFill\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSafari\u767b\u5f55\u81ea\u52a8\u586b\u5145\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 10.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Safari Login AutoFill\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5df2\u9501\u7684keychain\u9879\u76ee\u3002",
"discovererName": "Simon Woodside of MedStack",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e:\r\nhttp://www.apple.com/safari/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-10992",
"openTime": "2017-06-23",
"patchDescription": "Apple Safari\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Safari Login AutoFill\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSafari\u767b\u5f55\u81ea\u52a8\u586b\u5145\u7ec4\u4ef6\u3002\r\n\r\nApple Safari 10.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Safari Login AutoFill\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5df2\u9501\u7684keychain\u9879\u76ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple Safari Safari Login AutoFill\u7ec4\u4ef6\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple Safari \u003c10.1"
},
"referenceLink": "http://www.securityfocus.com/bid/97136\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2385",
"serverity": "\u4f4e",
"submitTime": "2017-05-24",
"title": "Apple Safari Safari Login AutoFill\u7ec4\u4ef6\u672c\u5730\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
CERTFR-2017-AVI-092
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3 | ||
| Apple | N/A | Pages versions antérieures à 3.1, Numbers versions antérieures à 3.1 et Keynote versions antérieures à 3.1 pour iOS | ||
| Apple | macOS | macOS Yosemite sans le Security Update 2017-001 | ||
| Apple | macOS | macOS Server versions antérieures à 5.3 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.4 | ||
| Apple | macOS | macOS El Capitan sans le Security Update 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 10.2 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1 | ||
| Apple | N/A | Pages versions antérieures à 6.1, Numbers versions antérieures à 4.1 et Keynote versions antérieures à 7.1 pour Mac |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 3.1, Numbers versions ant\u00e9rieures \u00e0 3.1 et Keynote versions ant\u00e9rieures \u00e0 3.1 pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Yosemite sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 6.1, Numbers versions ant\u00e9rieures \u00e0 4.1 et Keynote versions ant\u00e9rieures \u00e0 7.1 pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2455"
},
{
"name": "CVE-2016-7922",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7922"
},
{
"name": "CVE-2016-7936",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7936"
},
{
"name": "CVE-2017-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2464"
},
{
"name": "CVE-2017-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2397"
},
{
"name": "CVE-2017-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2414"
},
{
"name": "CVE-2017-2404",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2404"
},
{
"name": "CVE-2017-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2376"
},
{
"name": "CVE-2017-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6974"
},
{
"name": "CVE-2017-5203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5203"
},
{
"name": "CVE-2016-7933",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7933"
},
{
"name": "CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"name": "CVE-2017-5204",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5204"
},
{
"name": "CVE-2017-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2400"
},
{
"name": "CVE-2017-5484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5484"
},
{
"name": "CVE-2017-2413",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2413"
},
{
"name": "CVE-2017-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2391"
},
{
"name": "CVE-2017-2420",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2420"
},
{
"name": "CVE-2017-2446",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2446"
},
{
"name": "CVE-2016-7993",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7993"
},
{
"name": "CVE-2016-7932",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7932"
},
{
"name": "CVE-2017-2431",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2431"
},
{
"name": "CVE-2017-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2367"
},
{
"name": "CVE-2016-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7973"
},
{
"name": "CVE-2016-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8575"
},
{
"name": "CVE-2017-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2418"
},
{
"name": "CVE-2017-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2412"
},
{
"name": "CVE-2017-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2426"
},
{
"name": "CVE-2017-2448",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2448"
},
{
"name": "CVE-2017-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2462"
},
{
"name": "CVE-2016-9540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9540"
},
{
"name": "CVE-2017-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2452"
},
{
"name": "CVE-2017-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2437"
},
{
"name": "CVE-2017-2423",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2423"
},
{
"name": "CVE-2017-2472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2472"
},
{
"name": "CVE-2016-9643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9643"
},
{
"name": "CVE-2016-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1001"
},
{
"name": "CVE-2016-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8574"
},
{
"name": "CVE-2017-2453",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2453"
},
{
"name": "CVE-2017-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2487"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2017-2396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2396"
},
{
"name": "CVE-2017-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2475"
},
{
"name": "CVE-2017-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2481"
},
{
"name": "CVE-2017-5483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5483"
},
{
"name": "CVE-2017-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2440"
},
{
"name": "CVE-2017-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2479"
},
{
"name": "CVE-2017-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2468"
},
{
"name": "CVE-2017-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2388"
},
{
"name": "CVE-2016-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1015"
},
{
"name": "CVE-2017-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2458"
},
{
"name": "CVE-2017-2471",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2471"
},
{
"name": "CVE-2016-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7975"
},
{
"name": "CVE-2016-7986",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7986"
},
{
"name": "CVE-2017-2406",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2406"
},
{
"name": "CVE-2017-5485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5485"
},
{
"name": "CVE-2017-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2441"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-2443",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2443"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2016-7934",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7934"
},
{
"name": "CVE-2017-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2463"
},
{
"name": "CVE-2017-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2392"
},
{
"name": "CVE-2016-9533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9533"
},
{
"name": "CVE-2017-2428",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2428"
},
{
"name": "CVE-2016-7928",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7928"
},
{
"name": "CVE-2017-2439",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2439"
},
{
"name": "CVE-2017-2408",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2408"
},
{
"name": "CVE-2017-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2390"
},
{
"name": "CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"name": "CVE-2017-2449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2449"
},
{
"name": "CVE-2016-7927",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7927"
},
{
"name": "CVE-2017-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2383"
},
{
"name": "CVE-2017-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2483"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2016-9536",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9536"
},
{
"name": "CVE-2017-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2486"
},
{
"name": "CVE-2017-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2465"
},
{
"name": "CVE-2017-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2422"
},
{
"name": "CVE-2016-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7974"
},
{
"name": "CVE-2017-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2425"
},
{
"name": "CVE-2017-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5341"
},
{
"name": "CVE-2017-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2399"
},
{
"name": "CVE-2017-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2389"
},
{
"name": "CVE-2017-2485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2485"
},
{
"name": "CVE-2016-7935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7935"
},
{
"name": "CVE-2017-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2478"
},
{
"name": "CVE-2017-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2467"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2435"
},
{
"name": "CVE-2016-9537",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9537"
},
{
"name": "CVE-2017-2407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2407"
},
{
"name": "CVE-2017-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2385"
},
{
"name": "CVE-2017-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2424"
},
{
"name": "CVE-2017-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2436"
},
{
"name": "CVE-2017-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2454"
},
{
"name": "CVE-2016-7984",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7984"
},
{
"name": "CVE-2016-7585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7585"
},
{
"name": "CVE-2016-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9935"
},
{
"name": "CVE-2016-7931",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7931"
},
{
"name": "CVE-2017-2378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2378"
},
{
"name": "CVE-2016-7939",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7939"
},
{
"name": "CVE-2017-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2377"
},
{
"name": "CVE-2017-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2402"
},
{
"name": "CVE-2017-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2427"
},
{
"name": "CVE-2017-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2473"
},
{
"name": "CVE-2017-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2398"
},
{
"name": "CVE-2017-2469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2469"
},
{
"name": "CVE-2016-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3619"
},
{
"name": "CVE-2017-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2459"
},
{
"name": "CVE-2017-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2386"
},
{
"name": "CVE-2017-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2401"
},
{
"name": "CVE-2016-7923",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7923"
},
{
"name": "CVE-2017-2419",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2419"
},
{
"name": "CVE-2017-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2474"
},
{
"name": "CVE-2016-7985",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7985"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2409"
},
{
"name": "CVE-2016-7992",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7992"
},
{
"name": "CVE-2017-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2380"
},
{
"name": "CVE-2017-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2484"
},
{
"name": "CVE-2017-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2466"
},
{
"name": "CVE-2017-2393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2393"
},
{
"name": "CVE-2017-2395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2395"
},
{
"name": "CVE-2017-2445",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2445"
},
{
"name": "CVE-2016-7929",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7929"
},
{
"name": "CVE-2017-2442",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2442"
},
{
"name": "CVE-2017-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2416"
},
{
"name": "CVE-2017-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2444"
},
{
"name": "CVE-2017-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2364"
},
{
"name": "CVE-2017-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5342"
},
{
"name": "CVE-2017-2415",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2415"
},
{
"name": "CVE-2017-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2379"
},
{
"name": "CVE-2017-2457",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2457"
},
{
"name": "CVE-2017-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2434"
},
{
"name": "CVE-2017-2382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2382"
},
{
"name": "CVE-2017-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2381"
},
{
"name": "CVE-2017-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2410"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-2421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2421"
},
{
"name": "CVE-2017-5205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5205"
},
{
"name": "CVE-2016-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7940"
},
{
"name": "CVE-2017-2438",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2438"
},
{
"name": "CVE-2017-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2460"
},
{
"name": "CVE-2017-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5482"
},
{
"name": "CVE-2016-7926",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7926"
},
{
"name": "CVE-2017-2403",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2403"
},
{
"name": "CVE-2017-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2461"
},
{
"name": "CVE-2017-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2384"
},
{
"name": "CVE-2017-5486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5486"
},
{
"name": "CVE-2016-7937",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7937"
},
{
"name": "CVE-2016-7983",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7983"
},
{
"name": "CVE-2016-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1016"
},
{
"name": "CVE-2016-9642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9642"
},
{
"name": "CVE-2016-7925",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7925"
},
{
"name": "CVE-2017-2405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2405"
},
{
"name": "CVE-2017-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2417"
},
{
"name": "CVE-2017-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2447"
},
{
"name": "CVE-2017-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2482"
},
{
"name": "CVE-2017-2451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2451"
},
{
"name": "CVE-2017-2430",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2430"
},
{
"name": "CVE-2016-7930",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7930"
},
{
"name": "CVE-2017-2456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2456"
},
{
"name": "CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"name": "CVE-2017-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2432"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-2470",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2470"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2017-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2476"
},
{
"name": "CVE-2016-7938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7938"
},
{
"name": "CVE-2017-5202",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5202"
},
{
"name": "CVE-2016-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000"
},
{
"name": "CVE-2017-2433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2433"
},
{
"name": "CVE-2017-2450",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2450"
},
{
"name": "CVE-2017-2480",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2480"
},
{
"name": "CVE-2016-9535",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
},
{
"name": "CVE-2016-7924",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7924"
},
{
"name": "CVE-2017-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2429"
},
{
"name": "CVE-2017-2394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2394"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-092",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-28T00:00:00.000000"
},
{
"description": "ajout des informations li\u00e9es au bulletin de s\u00e9curit\u00e9 HT207607.",
"revision_date": "2017-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207604 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207607 du 28 mars 2017",
"url": "https://support.apple.com/en-us/HT207607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207615 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207615"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207602 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207600 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207595 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207601 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207617 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207617"
}
]
}
CERTFR-2017-AVI-092
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3 | ||
| Apple | N/A | Pages versions antérieures à 3.1, Numbers versions antérieures à 3.1 et Keynote versions antérieures à 3.1 pour iOS | ||
| Apple | macOS | macOS Yosemite sans le Security Update 2017-001 | ||
| Apple | macOS | macOS Server versions antérieures à 5.3 | ||
| Apple | macOS | macOS Sierra versions antérieures à 10.12.4 | ||
| Apple | macOS | macOS El Capitan sans le Security Update 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 10.2 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1 | ||
| Apple | N/A | Pages versions antérieures à 6.1, Numbers versions antérieures à 4.1 et Keynote versions antérieures à 7.1 pour Mac |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 3.1, Numbers versions ant\u00e9rieures \u00e0 3.1 et Keynote versions ant\u00e9rieures \u00e0 3.1 pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Yosemite sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le Security Update 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Pages versions ant\u00e9rieures \u00e0 6.1, Numbers versions ant\u00e9rieures \u00e0 4.1 et Keynote versions ant\u00e9rieures \u00e0 7.1 pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2455"
},
{
"name": "CVE-2016-7922",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7922"
},
{
"name": "CVE-2016-7936",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7936"
},
{
"name": "CVE-2017-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2464"
},
{
"name": "CVE-2017-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2397"
},
{
"name": "CVE-2017-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2414"
},
{
"name": "CVE-2017-2404",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2404"
},
{
"name": "CVE-2017-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2376"
},
{
"name": "CVE-2017-6974",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6974"
},
{
"name": "CVE-2017-5203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5203"
},
{
"name": "CVE-2016-7933",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7933"
},
{
"name": "CVE-2016-0736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0736"
},
{
"name": "CVE-2017-5204",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5204"
},
{
"name": "CVE-2017-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2400"
},
{
"name": "CVE-2017-5484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5484"
},
{
"name": "CVE-2017-2413",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2413"
},
{
"name": "CVE-2017-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2391"
},
{
"name": "CVE-2017-2420",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2420"
},
{
"name": "CVE-2017-2446",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2446"
},
{
"name": "CVE-2016-7993",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7993"
},
{
"name": "CVE-2016-7932",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7932"
},
{
"name": "CVE-2017-2431",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2431"
},
{
"name": "CVE-2017-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2367"
},
{
"name": "CVE-2016-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7973"
},
{
"name": "CVE-2016-8575",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8575"
},
{
"name": "CVE-2017-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2418"
},
{
"name": "CVE-2017-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2412"
},
{
"name": "CVE-2017-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2426"
},
{
"name": "CVE-2017-2448",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2448"
},
{
"name": "CVE-2017-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2462"
},
{
"name": "CVE-2016-9540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9540"
},
{
"name": "CVE-2017-2452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2452"
},
{
"name": "CVE-2017-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2437"
},
{
"name": "CVE-2017-2423",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2423"
},
{
"name": "CVE-2017-2472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2472"
},
{
"name": "CVE-2016-9643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9643"
},
{
"name": "CVE-2016-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1001"
},
{
"name": "CVE-2016-8574",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8574"
},
{
"name": "CVE-2017-2453",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2453"
},
{
"name": "CVE-2017-2487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2487"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2017-2396",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2396"
},
{
"name": "CVE-2017-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2475"
},
{
"name": "CVE-2017-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2481"
},
{
"name": "CVE-2017-5483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5483"
},
{
"name": "CVE-2017-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2440"
},
{
"name": "CVE-2017-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2479"
},
{
"name": "CVE-2017-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2468"
},
{
"name": "CVE-2017-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2388"
},
{
"name": "CVE-2016-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1015"
},
{
"name": "CVE-2017-2458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2458"
},
{
"name": "CVE-2017-2471",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2471"
},
{
"name": "CVE-2016-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7975"
},
{
"name": "CVE-2016-7986",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7986"
},
{
"name": "CVE-2017-2406",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2406"
},
{
"name": "CVE-2017-5485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5485"
},
{
"name": "CVE-2017-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2441"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-2443",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2443"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2016-7934",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7934"
},
{
"name": "CVE-2017-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2463"
},
{
"name": "CVE-2017-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2392"
},
{
"name": "CVE-2016-9533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9533"
},
{
"name": "CVE-2017-2428",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2428"
},
{
"name": "CVE-2016-7928",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7928"
},
{
"name": "CVE-2017-2439",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2439"
},
{
"name": "CVE-2017-2408",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2408"
},
{
"name": "CVE-2017-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2390"
},
{
"name": "CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"name": "CVE-2017-2449",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2449"
},
{
"name": "CVE-2016-7927",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7927"
},
{
"name": "CVE-2017-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2383"
},
{
"name": "CVE-2017-2483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2483"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2016-9536",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9536"
},
{
"name": "CVE-2017-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2486"
},
{
"name": "CVE-2017-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2465"
},
{
"name": "CVE-2017-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2422"
},
{
"name": "CVE-2016-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7974"
},
{
"name": "CVE-2017-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2425"
},
{
"name": "CVE-2017-5341",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5341"
},
{
"name": "CVE-2017-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2399"
},
{
"name": "CVE-2017-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2389"
},
{
"name": "CVE-2017-2485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2485"
},
{
"name": "CVE-2016-7935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7935"
},
{
"name": "CVE-2017-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2478"
},
{
"name": "CVE-2017-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2467"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2435"
},
{
"name": "CVE-2016-9537",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9537"
},
{
"name": "CVE-2017-2407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2407"
},
{
"name": "CVE-2017-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2385"
},
{
"name": "CVE-2017-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2424"
},
{
"name": "CVE-2017-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2436"
},
{
"name": "CVE-2017-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2454"
},
{
"name": "CVE-2016-7984",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7984"
},
{
"name": "CVE-2016-7585",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7585"
},
{
"name": "CVE-2016-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9935"
},
{
"name": "CVE-2016-7931",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7931"
},
{
"name": "CVE-2017-2378",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2378"
},
{
"name": "CVE-2016-7939",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7939"
},
{
"name": "CVE-2017-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2377"
},
{
"name": "CVE-2017-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2402"
},
{
"name": "CVE-2017-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2427"
},
{
"name": "CVE-2017-2473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2473"
},
{
"name": "CVE-2017-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2398"
},
{
"name": "CVE-2017-2469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2469"
},
{
"name": "CVE-2016-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3619"
},
{
"name": "CVE-2017-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2459"
},
{
"name": "CVE-2017-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2386"
},
{
"name": "CVE-2017-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2401"
},
{
"name": "CVE-2016-7923",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7923"
},
{
"name": "CVE-2017-2419",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2419"
},
{
"name": "CVE-2017-2474",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2474"
},
{
"name": "CVE-2016-7985",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7985"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2017-2409",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2409"
},
{
"name": "CVE-2016-7992",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7992"
},
{
"name": "CVE-2017-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2380"
},
{
"name": "CVE-2017-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2484"
},
{
"name": "CVE-2017-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2466"
},
{
"name": "CVE-2017-2393",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2393"
},
{
"name": "CVE-2017-2395",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2395"
},
{
"name": "CVE-2017-2445",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2445"
},
{
"name": "CVE-2016-7929",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7929"
},
{
"name": "CVE-2017-2442",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2442"
},
{
"name": "CVE-2017-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2416"
},
{
"name": "CVE-2017-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2444"
},
{
"name": "CVE-2017-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2364"
},
{
"name": "CVE-2017-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5342"
},
{
"name": "CVE-2017-2415",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2415"
},
{
"name": "CVE-2017-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2379"
},
{
"name": "CVE-2017-2457",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2457"
},
{
"name": "CVE-2017-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2434"
},
{
"name": "CVE-2017-2382",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2382"
},
{
"name": "CVE-2017-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2381"
},
{
"name": "CVE-2017-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2410"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-2421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2421"
},
{
"name": "CVE-2017-5205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5205"
},
{
"name": "CVE-2016-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7940"
},
{
"name": "CVE-2017-2438",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2438"
},
{
"name": "CVE-2017-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2460"
},
{
"name": "CVE-2017-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5482"
},
{
"name": "CVE-2016-7926",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7926"
},
{
"name": "CVE-2017-2403",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2403"
},
{
"name": "CVE-2017-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2461"
},
{
"name": "CVE-2017-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2384"
},
{
"name": "CVE-2017-5486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5486"
},
{
"name": "CVE-2016-7937",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7937"
},
{
"name": "CVE-2016-7983",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7983"
},
{
"name": "CVE-2016-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1016"
},
{
"name": "CVE-2016-9642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9642"
},
{
"name": "CVE-2016-7925",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7925"
},
{
"name": "CVE-2017-2405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2405"
},
{
"name": "CVE-2017-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2417"
},
{
"name": "CVE-2017-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2447"
},
{
"name": "CVE-2017-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2482"
},
{
"name": "CVE-2017-2451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2451"
},
{
"name": "CVE-2017-2430",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2430"
},
{
"name": "CVE-2016-7930",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7930"
},
{
"name": "CVE-2017-2456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2456"
},
{
"name": "CVE-2016-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7056"
},
{
"name": "CVE-2017-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2432"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-2470",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2470"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2017-2476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2476"
},
{
"name": "CVE-2016-7938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7938"
},
{
"name": "CVE-2017-5202",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5202"
},
{
"name": "CVE-2016-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000"
},
{
"name": "CVE-2017-2433",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2433"
},
{
"name": "CVE-2017-2450",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2450"
},
{
"name": "CVE-2017-2480",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2480"
},
{
"name": "CVE-2016-9535",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9535"
},
{
"name": "CVE-2016-7924",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7924"
},
{
"name": "CVE-2017-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2429"
},
{
"name": "CVE-2017-2394",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2394"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-092",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-28T00:00:00.000000"
},
{
"description": "ajout des informations li\u00e9es au bulletin de s\u00e9curit\u00e9 HT207607.",
"revision_date": "2017-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207604 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207607 du 28 mars 2017",
"url": "https://support.apple.com/en-us/HT207607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207615 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207615"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207602 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207600 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207595 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207601 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207617 du 27 mars 2017",
"url": "https://support.apple.com/en-us/HT207617"
}
]
}
GHSA-CWQF-QVQ3-6787
Vulnerability from github – Published: 2022-05-17 02:30 – Updated: 2022-05-17 02:30
VLAI?
Details
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-2385"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-02T01:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors.",
"id": "GHSA-cwqf-qvq3-6787",
"modified": "2022-05-17T02:30:42Z",
"published": "2022-05-17T02:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2385"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207600"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97136"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038137"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2017-2385
Vulnerability from fkie_nvd - Published: 2017-04-02 01:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.securityfocus.com/bid/97136 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1038137 | ||
| product-security@apple.com | https://support.apple.com/HT207600 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97136 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038137 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207600 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825911CC-F341-4198-B830-E7CF701BB88D",
"versionEndIncluding": "10.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. Safari en versiones anteriores a 10.1 est\u00e1 afectado. El problema involucra al componente \"Safari Login AutoFill\". Esto permite a usuarios locales obtener acceso a elementos bloqueados del llavero a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2385",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-02T01:59:00.513",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97136"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201704-0719
Vulnerability from variot - Updated: 2023-12-18 10:51An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors. Apple Safari is prone to a local security bypass vulnerability. A local attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. Versions prior to Safari 10.1 is vulnerable. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-03-27-2 Safari 10.1
Safari 10.1 is now available and addresses the following:
CoreGraphics Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam
Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed by disabling text input until the destination page loads. CVE-2017-2376: Chris Hlady of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Yuyang Zhou of Tencent Security Platform Department (security.tencent.com), Michal Zalewski of Google Inc, an anonymous researcher, an anonymous researcher
Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites Description: A spoofing issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal. CVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC
Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation. CVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)
Safari Login AutoFill Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: A local user may be able to access locked keychain items Description: A keychain handling issue was addressed through improved keychain item management. CVE-2017-2385: Simon Woodside of MedStack
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution Description: A validation issue existed in bookmark creation. This issue was addressed through improved input validation. CVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A prototype access issue was addressed through improved exception handling. CVE-2017-2386: André Bargull
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-9642: Gustavo Grieco CVE-2017-2394: Apple CVE-2017-2396: Apple
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2395: Apple CVE-2017-2454: Ivan Fratric of Google Project Zero CVE-2017-2455: Ivan Fratric of Google Project Zero CVE-2017-2459: Ivan Fratric of Google Project Zero CVE-2017-2460: Ivan Fratric of Google Project Zero CVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin CVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab CVE-2017-2466: Ivan Fratric of Google Project Zero CVE-2017-2468: lokihardt of Google Project Zero CVE-2017-2469: lokihardt of Google Project Zero CVE-2017-2470: lokihardt of Google Project Zero CVE-2017-2476: Ivan Fratric of Google Project Zero CVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions. CVE-2017-2419: Nicolai Grødum of Cisco Systems
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2016-9643: Gustavo Grieco
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management. CVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2433: Apple
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2364: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: A malicious website may exfiltrate data cross-origin Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2367: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management. CVE-2017-2445: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management. CVE-2017-2446: Natalie Silvanovich of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Visiting a maliciously crafted website may compromise user information Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2447: Natalie Silvanovich of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2471: Ivan Fratric of Google Project Zero
WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame handling. This issue was addressed through improved state management. CVE-2017-2475: lokihardt of Google Project Zero
WebKit JavaScript Bindings Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic. CVE-2017-2442: lokihardt of Google Project Zero
WebKit Web Inspector Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Closing a window while paused in the debugger may lead to unexpected application termination Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2377: Vicki Pfau
WebKit Web Inspector Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2405: Apple
Installation note:
Safari 10.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo6AAoJEIOj74w0bLRGhF4QALEOLTqQHF6gZnvahvF3wasA 86D3oE4LHUVVSiRq5qLr0mT2Tm4/qQEwDrbUgA7lqR5jJ1ZxB+6cNJf8AeGYwSYs NYx3kzhSV6y2Bw98JE3NIPbEsnYNKyYK6ExJLpwHbt1a9HdU+VY8Z4tJiEs3pCRW ndC6znbfia9p9PkLcv+mwkCrGQetgjuTzEofPoUPy1EKvexWiKImrlhtDlNSPP2I b1v7puQfGTH2iGecMvCIENTyNW7OOmRwN7bzs7S5m+ztGBq1Ti6auAT/59mSD5HI CQgqfTYPvvIN6oowMiGsy5l5uIAXF7/5eP9jyf2ygewGvVY26gum/PGskhWERRHl RwYOwCs5EEfPRj0z2m+8BcRe5YVfrB8A1mSHkPQU+UaScwYxh0kjN9fsQPT1PCSd Ks8H+1FVgcbTH2zp4bYPgdupyerX8Dh2cC3Doaemp4qW0d+/v5mhSPHq4zIBQoJ6 C5TsVM7JyVOMHXHGpWooyPDVVtzb5/ve0UgCqJ1rTFEzOFuJN313hP5f00woguTY 4B0NV+XlVrfmk3CWy7vx0grs5vKC6Vgz8rDilLeBfmVqUlZ4Hn75W24pEHIa24sB lPDffw4xrnGYFASDRC/Ch464/myq9TIETzTkW5zzLw4jLnIAXjpPWusiT6gKdQP8 GmR5lxoaaeZxH8hQc5ui =p/K5 -----END PGP SIGNATURE-----
Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (macos sierra 10.12.4)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (os x el capitan v10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (os x yosemite v10.10.5)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4419.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
}
],
"sources": [
{
"db": "BID",
"id": "97136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2385"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Simon Woodside of MedStack",
"sources": [
{
"db": "BID",
"id": "97136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-2385",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-110588",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-2385",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2385",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1272",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-110588",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors. Apple Safari is prone to a local security bypass vulnerability. \nA local attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. \nVersions prior to Safari 10.1 is vulnerable. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-27-2 Safari 10.1\n\nSafari 10.1 is now available and addresses the following:\n\nCoreGraphics\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2444: Mei Wang of 360 GearTeam\n\nSafari\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A state management issue was addressed by disabling text\ninput until the destination page loads. \nCVE-2017-2376: Chris Hlady of Google Inc, Muneaki Nishimura\n(nishimunea) of Recruit Technologies Co., Ltd., Yuyang Zhou of\nTencent Security Platform Department (security.tencent.com), Michal\nZalewski of Google Inc, an anonymous researcher, an anonymous\nresearcher\n\nSafari\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may present\nauthentication sheets over arbitrary web sites\nDescription: A spoofing issue existed in the handling of HTTP\nauthentication. This issue was addressed through making HTTP\nauthentication sheets non-modal. \nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\nSafari\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Visiting a malicious website by clicking a link may lead to\nuser interface spoofing\nDescription: A spoofing issue existed in the handling of FaceTime\nprompts. This issue was addressed through improved input validation. \nCVE-2017-2453: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nSafari Login AutoFill\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: A local user may be able to access locked keychain items\nDescription: A keychain handling issue was addressed through improved\nkeychain item management. \nCVE-2017-2385: Simon Woodside of MedStack\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Dragging and dropping a maliciously crafted link may lead to\nbookmark spoofing or arbitrary code execution\nDescription: A validation issue existed in bookmark creation. This\nissue was addressed through improved input validation. \nCVE-2017-2378: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may exfiltrate\ndata cross-origin\nDescription: A prototype access issue was addressed through improved\nexception handling. \nCVE-2017-2386: Andr\u00e9 Bargull\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2016-9642: Gustavo Grieco\nCVE-2017-2394: Apple\nCVE-2017-2396: Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-2395: Apple\nCVE-2017-2454: Ivan Fratric of Google Project Zero\nCVE-2017-2455: Ivan Fratric of Google Project Zero\nCVE-2017-2459: Ivan Fratric of Google Project Zero\nCVE-2017-2460: Ivan Fratric of Google Project Zero\nCVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon\nShin\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\nCVE-2017-2466: Ivan Fratric of Google Project Zero\nCVE-2017-2468: lokihardt of Google Project Zero\nCVE-2017-2469: lokihardt of Google Project Zero\nCVE-2017-2470: lokihardt of Google Project Zero\nCVE-2017-2476: Ivan Fratric of Google Project Zero\nCVE-2017-2481: 0011 working with Trend Micro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2017-2415: Kai Kang of Tencent\u0027s Xuanwu Lab (tentcent.com)\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\nunexpectedly unenforced Content Security Policy\nDescription: An access issue existed in Content Security Policy. This\nissue was addressed through improved access restrictions. \nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to high\nmemory consumption\nDescription: An uncontrolled resource consumption issue was addressed\nthrough improved regex processing. \nCVE-2016-9643: Gustavo Grieco\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An information disclosure issue existed in the\nprocessing of OpenGL shaders. This issue was addressed through\nimproved memory management. \nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore\nProgramming Group, Imperial College London\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2433: Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may exfiltrate\ndata cross-origin\nDescription: Multiple validation issues existed in the handling of\npage loading. This issue was addressed through improved logic. \nCVE-2017-2364: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A validation issue existed in the handling of page\nloading. This issue was addressed through improved logic. \nCVE-2017-2367: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of frame objects. \nThis issue was addressed with improved state management. \nCVE-2017-2445: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A logic issue existed in the handling of strict mode\nfunctions. This issue was addressed with improved state management. \nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Visiting a maliciously crafted website may compromise user\ninformation\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in frame handling. This issue was\naddressed through improved state management. \nCVE-2017-2475: lokihardt of Google Project Zero\n\nWebKit JavaScript Bindings\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may exfiltrate\ndata cross-origin\nDescription: Multiple validation issues existed in the handling of\npage loading. This issue was addressed through improved logic. \nCVE-2017-2442: lokihardt of Google Project Zero\n\nWebKit Web Inspector\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Closing a window while paused in the debugger may lead to\nunexpected application termination\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2377: Vicki Pfau\n\nWebKit Web Inspector\nAvailable for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2405: Apple\n\nInstallation note:\n\nSafari 10.1 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2Yo6AAoJEIOj74w0bLRGhF4QALEOLTqQHF6gZnvahvF3wasA\n86D3oE4LHUVVSiRq5qLr0mT2Tm4/qQEwDrbUgA7lqR5jJ1ZxB+6cNJf8AeGYwSYs\nNYx3kzhSV6y2Bw98JE3NIPbEsnYNKyYK6ExJLpwHbt1a9HdU+VY8Z4tJiEs3pCRW\nndC6znbfia9p9PkLcv+mwkCrGQetgjuTzEofPoUPy1EKvexWiKImrlhtDlNSPP2I\nb1v7puQfGTH2iGecMvCIENTyNW7OOmRwN7bzs7S5m+ztGBq1Ti6auAT/59mSD5HI\nCQgqfTYPvvIN6oowMiGsy5l5uIAXF7/5eP9jyf2ygewGvVY26gum/PGskhWERRHl\nRwYOwCs5EEfPRj0z2m+8BcRe5YVfrB8A1mSHkPQU+UaScwYxh0kjN9fsQPT1PCSd\nKs8H+1FVgcbTH2zp4bYPgdupyerX8Dh2cC3Doaemp4qW0d+/v5mhSPHq4zIBQoJ6\nC5TsVM7JyVOMHXHGpWooyPDVVtzb5/ve0UgCqJ1rTFEzOFuJN313hP5f00woguTY\n4B0NV+XlVrfmk3CWy7vx0grs5vKC6Vgz8rDilLeBfmVqUlZ4Hn75W24pEHIa24sB\nlPDffw4xrnGYFASDRC/Ch464/myq9TIETzTkW5zzLw4jLnIAXjpPWusiT6gKdQP8\nGmR5lxoaaeZxH8hQc5ui\n=p/K5\n-----END PGP SIGNATURE-----\n\n\n_______________________________________________\nSent through the Full Disclosure mailing list\nhttps://nmap.org/mailman/listinfo/fulldisclosure\nWeb Archives \u0026 RSS: http://seclists.org/fulldisclosure/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "BID",
"id": "97136"
},
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "PACKETSTORM",
"id": "141878"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2385",
"trust": 2.9
},
{
"db": "BID",
"id": "97136",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038137",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU90482935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-110588",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "BID",
"id": "97136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "PACKETSTORM",
"id": "141878"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"id": "VAR-201704-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-110588"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:51:54.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207600",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207600"
},
{
"title": "HT207600",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207600"
},
{
"title": "Apple Safari Safari Login AutoFill Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68824"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97136"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207600"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038137"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2385"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2385"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90482935/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2459"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2453"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2396"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2378"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2460"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2433"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/"
},
{
"trust": 0.1,
"url": "https://nmap.org/mailman/listinfo/fulldisclosure"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2455"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2377"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2415"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9643"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "BID",
"id": "97136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "PACKETSTORM",
"id": "141878"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-110588"
},
{
"db": "BID",
"id": "97136"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"db": "PACKETSTORM",
"id": "141878"
},
{
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110588"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97136"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"date": "2017-03-27T00:00:00",
"db": "PACKETSTORM",
"id": "141878"
},
{
"date": "2017-04-02T01:59:00.513000",
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-110588"
},
{
"date": "2017-03-29T01:02:00",
"db": "BID",
"id": "97136"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002399"
},
{
"date": "2017-07-12T01:29:09.410000",
"db": "NVD",
"id": "CVE-2017-2385"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari of Safari Login AutoFill Vulnerabilities that can gain access to components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002399"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1272"
}
],
"trust": 0.6
}
}
GSD-2017-2385
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-2385",
"description": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors.",
"id": "GSD-2017-2385"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-2385"
],
"details": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors.",
"id": "GSD-2017-2385",
"modified": "2023-12-13T01:21:05.793459Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "97136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97136"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2385"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207600"
},
{
"name": "97136",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97136"
},
{
"name": "1038137",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1038137"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-07-12T01:29Z",
"publishedDate": "2017-04-02T01:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…