var-201507-0421
Vulnerability from variot
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. Apple iOS and Apple OS X Run on Apple Safari Used in etc. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebSQL. The issue lies in the failure to properly utilize SQLite's authorization code. An attacker can leverage this vulnerability to execute restricted SQL statements under the context of the current process. WebKit is prone to the following multiple security vulnerabilities. 1. An information-disclosure vulnerability 2. A security-bypass vulnerability 3. Failed attacks will cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 8.4, Apple Safari prior to 6.2.7, 7.x prior to 7.1.7, and 8.x prior to 8.0.7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and address the following:
WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables. This could have allowed a maliciously crafted website to access databases belonging to other websites. The issue was addressed with improved authorization checks. CVE-ID CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative
WebKit Page Loading Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Visiting a maliciously crafted website may lead to account account takeover Description: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. This issue was addressed through improved handling of redirects. CVE-ID CVE-2015-3658 : Brad Hill of Facebook
WebKit PDF Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Clicking a maliciously crafted link in a PDF embedded in a webpage may lead to cookie theft or user information leakage Description: An issue existed with PDF-embedded links which could execute JavaScript in a hosting webpage's context. This issue was addressed by restricting the support for JavaScript links. CVE-ID CVE-2015-3660 : Apple
WebKit Storage Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative
Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVke9DAAoJEBcWfLTuOo7tE7oP/0PWt+3zpRGevnWaTR1cdCSR ixlIqZ+OrwfGluIpnQIrMx8Lw2F954/Afcv68QW5pDwU02UYIiHXFiryFG2YYu6k +n1mnqY/5n3uo3+V18Tfi7q8WFoEfi607PbXUt/Q3FCu+NuQBl3nrVWo53f+a44v Pb08QVMyj+g0KWNoMudA7T/G9yXsnZFm6rBKkl1D+2Cwyx/DB2i4guHleJNawM/m 8vCgIc4FReFOz03EqW3Vzqp3qWd4AovRLX8iG+62mUU8AgAVVurJdhxPNjqzmoAi Zg1MDM2un4Op6QvLpJzG9zwW5/s+H8GVLPIYnK+uASu5UR0EU3yqb0UOCHbyG6iI DFaRDyHXaNBWglFxRdl/Lvbz/ZQyAdc3MJMaHOSHchvu7CX3x2szTKkPr1nd/7bS RB5JWTBKjz9G0zOp4d44u49oW4/43yV/kcjs7isBKyzPpO67dzukMDjjeKlkYAVE gOoYtQMcorh2PrMEAW7MN2jB9R0f7gEOr2txRLgy0NakI/W+WVK8wysbDNvsjEE4 9UynLpQHqmlEL68ZyXGPrbn7Q4dO3qdL3fYsCp/57o7wDkIfASBehTet4Va3yobr ZikiQkMU9QnYYWiN0whHzgtq+ONFg8B3hroD9XgfpG8kldjXyI6cOj6QY9e276m4 U31+XzCwLCTXylgolNOw =9Wfv -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2937-1 March 21, 2016
webkitgtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkitgtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1
Ubuntu 14.04 LTS: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany and Evolution, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2937-1 CVE-2014-1748, CVE-2015-1071, CVE-2015-1076, CVE-2015-1081, CVE-2015-1083, CVE-2015-1120, CVE-2015-1122, CVE-2015-1127, CVE-2015-1153, CVE-2015-1155, CVE-2015-3658, CVE-2015-3659, CVE-2015-3727, CVE-2015-3731, CVE-2015-3741, CVE-2015-3743, CVE-2015-3745, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3752, CVE-2015-5788, CVE-2015-5794, CVE-2015-5801, CVE-2015-5809, CVE-2015-5822, CVE-2015-5928
Package Information: https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0421", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.1" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.5" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.6" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.3" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.2" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "7.1.6" }, { "model": "safari", "scope": "eq", "trust": 1.6, "vendor": "apple", "version": "8.0.4" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.3" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.2" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.2" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.5" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.3" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.1" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "8.3" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.3" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.5" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.0" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.4" }, { "model": "safari", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "6.2.6" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.1" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.0.6" }, { "model": "safari", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "7.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "8.4 (ipod touch no. 5 after generation )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.2.7 (os x mavericks v10.9.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.2.7 (os x mountain lion v10.8.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.2.7 (os x yosemite v10.10.3)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.1.7 (os x mavericks v10.9.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.1.7 (os x mountain lion v10.8.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "7.1.7 (os x yosemite v10.10.3)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "8.0.7 (os x mavericks v10.9.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "8.0.7 (os x mountain lion v10.8.5)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "8.0.7 (os x yosemite v10.10.3)" }, { "model": "webkit", "scope": null, "trust": 0.7, "vendor": "webkit", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.10.3" }, { "model": "iphone os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "8.3" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "BID", "id": "75492" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:7.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:8.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3727" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Peter Rutenbar", "sources": [ { "db": "ZDI", "id": "ZDI-15-281" } ], "trust": 0.7 }, "cve": "CVE-2015-3727", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-3727", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-3727", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-81688", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-3727", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2015-3727", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201507-088", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81688", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "VULHUB", "id": "VHN-81688" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site\u0027s database via a crafted web site. Apple iOS and Apple OS X Run on Apple Safari Used in etc. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebSQL. The issue lies in the failure to properly utilize SQLite\u0027s authorization code. An attacker can leverage this vulnerability to execute restricted SQL statements under the context of the current process. WebKit is prone to the following multiple security vulnerabilities. \n1. An information-disclosure vulnerability\n2. A security-bypass vulnerability\n3. Failed attacks will cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. The following products and versions are affected: Apple iOS prior to 8.4, Apple Safari prior to 6.2.7, 7.x prior to 7.1.7, and 8.x prior to 8.0.7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7\n\nSafari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and\naddress the following:\n\nWebKit\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact: A maliciously crafted website can access the WebSQL\ndatabases of other websites\nDescription: An issue existed in the authorization checks for\nrenaming WebSQL tables. This could have allowed a maliciously crafted\nwebsite to access databases belonging to other websites. The issue\nwas addressed with improved authorization checks. \nCVE-ID\nCVE-2015-3727 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nWebKit Page Loading\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact: Visiting a maliciously crafted website may lead to account\naccount takeover\nDescription: An issue existed where Safari would preserve the Origin\nrequest header for cross-origin redirects, allowing malicious\nwebsites to circumvent CSRF protections. This issue was addressed\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-3658 : Brad Hill of Facebook\n\nWebKit PDF\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact: Clicking a maliciously crafted link in a PDF embedded in a\nwebpage may lead to cookie theft or user information leakage\nDescription: An issue existed with PDF-embedded links which could\nexecute JavaScript in a hosting webpage\u0027s context. This issue was\naddressed by restricting the support for JavaScript links. \nCVE-ID\nCVE-2015-3660 : Apple\n\nWebKit Storage\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nand OS X Yosemite v10.10.3\nImpact: Visiting a maliciously crafted webpage may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An insufficient comparison issue existed in SQLite\nauthorizer which allowed invocation of arbitrary SQL functions. This\nissue was addressed with improved authorization checks. \nCVE-ID\nCVE-2015-3659 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\n\nSafari 8.0.7, Safari 7.1.7, and Safari 6.2.7 may be obtained from\nthe Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVke9DAAoJEBcWfLTuOo7tE7oP/0PWt+3zpRGevnWaTR1cdCSR\nixlIqZ+OrwfGluIpnQIrMx8Lw2F954/Afcv68QW5pDwU02UYIiHXFiryFG2YYu6k\n+n1mnqY/5n3uo3+V18Tfi7q8WFoEfi607PbXUt/Q3FCu+NuQBl3nrVWo53f+a44v\nPb08QVMyj+g0KWNoMudA7T/G9yXsnZFm6rBKkl1D+2Cwyx/DB2i4guHleJNawM/m\n8vCgIc4FReFOz03EqW3Vzqp3qWd4AovRLX8iG+62mUU8AgAVVurJdhxPNjqzmoAi\nZg1MDM2un4Op6QvLpJzG9zwW5/s+H8GVLPIYnK+uASu5UR0EU3yqb0UOCHbyG6iI\nDFaRDyHXaNBWglFxRdl/Lvbz/ZQyAdc3MJMaHOSHchvu7CX3x2szTKkPr1nd/7bS\nRB5JWTBKjz9G0zOp4d44u49oW4/43yV/kcjs7isBKyzPpO67dzukMDjjeKlkYAVE\ngOoYtQMcorh2PrMEAW7MN2jB9R0f7gEOr2txRLgy0NakI/W+WVK8wysbDNvsjEE4\n9UynLpQHqmlEL68ZyXGPrbn7Q4dO3qdL3fYsCp/57o7wDkIfASBehTet4Va3yobr\nZikiQkMU9QnYYWiN0whHzgtq+ONFg8B3hroD9XgfpG8kldjXyI6cOj6QY9e276m4\nU31+XzCwLCTXylgolNOw\n=9Wfv\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2937-1\nMarch 21, 2016\n\nwebkitgtk vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkitgtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1\n libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1\n libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1\n libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1\n\nUbuntu 14.04 LTS:\n libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1\n libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1\n libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1\n libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany and Evolution, to make all the\nnecessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2937-1\n CVE-2014-1748, CVE-2015-1071, CVE-2015-1076, CVE-2015-1081,\n CVE-2015-1083, CVE-2015-1120, CVE-2015-1122, CVE-2015-1127,\n CVE-2015-1153, CVE-2015-1155, CVE-2015-3658, CVE-2015-3659,\n CVE-2015-3727, CVE-2015-3731, CVE-2015-3741, CVE-2015-3743,\n CVE-2015-3745, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749,\n CVE-2015-3752, CVE-2015-5788, CVE-2015-5794, CVE-2015-5801,\n CVE-2015-5809, CVE-2015-5822, CVE-2015-5928\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1\n https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "BID", "id": "75492" }, { "db": "VULHUB", "id": "VHN-81688" }, { "db": "PACKETSTORM", "id": "132520" }, { "db": "PACKETSTORM", "id": "136327" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3727", "trust": 3.7 }, { "db": "BID", "id": "75492", "trust": 1.4 }, { "db": "SECTRACK", "id": "1032754", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-003434", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2900", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-15-281", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201507-088", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-81688", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136327", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "VULHUB", "id": "VHN-81688" }, { "db": "BID", "id": "75492" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "PACKETSTORM", "id": "132520" }, { "db": "PACKETSTORM", "id": "136327" }, { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "id": "VAR-201507-0421", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81688" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:42:31.904000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-06-30-1 iOS 8.4", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html" }, { "title": "APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00004.html" }, { "title": "HT204941", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204941" }, { "title": "HT204950", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204950" }, { "title": "HT204941", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204941" }, { "title": "HT204950", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204950" }, { "title": "WebKit.Org has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://support.apple.com/kb/ht201222" }, { "title": "quicktime7.7.7_installer", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56517" }, { "title": "osxupd10.10.4", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56516" }, { "title": "iPhone7,1_8.4_12H143_Restore", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=56515" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81688" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "NVD", "id": "CVE-2015-3727" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00001.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00004.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht204941" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht204950" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2937-1" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/75492" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032754" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3727" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3727" }, { "trust": 0.7, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "http://www.apple.com/ios/" }, { "trust": 0.3, "url": "http://www.apple.com/ipad/" }, { "trust": 0.3, "url": "http://www.apple.com/iphone/" }, { "trust": 0.3, "url": "http://www.apple.com/ipodtouch/" }, { "trust": 0.3, "url": "http://www.apple.com/safari/" }, { "trust": 0.3, "url": "http://www.webkit.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3727" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3658" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3660" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5809" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1120" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1083" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3752" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1076" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1155" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1071" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3749" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1122" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1081" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3731" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3743" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3747" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3745" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1" } ], "sources": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "VULHUB", "id": "VHN-81688" }, { "db": "BID", "id": "75492" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "PACKETSTORM", "id": "132520" }, { "db": "PACKETSTORM", "id": "136327" }, { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-15-281" }, { "db": "VULHUB", "id": "VHN-81688" }, { "db": "BID", "id": "75492" }, { "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "db": "PACKETSTORM", "id": "132520" }, { "db": "PACKETSTORM", "id": "136327" }, { "db": "NVD", "id": "CVE-2015-3727" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-07-01T00:00:00", "db": "ZDI", "id": "ZDI-15-281" }, { "date": "2015-07-03T00:00:00", "db": "VULHUB", "id": "VHN-81688" }, { "date": "2015-06-30T00:00:00", "db": "BID", "id": "75492" }, { "date": "2015-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "date": "2015-07-01T05:38:21", "db": "PACKETSTORM", "id": "132520" }, { "date": "2016-03-22T00:03:33", "db": "PACKETSTORM", "id": "136327" }, { "date": "2015-07-03T02:00:17.913000", "db": "NVD", "id": "CVE-2015-3727" }, { "date": "2015-07-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-07-01T00:00:00", "db": "ZDI", "id": "ZDI-15-281" }, { "date": "2016-12-28T00:00:00", "db": "VULHUB", "id": "VHN-81688" }, { "date": "2015-07-15T00:52:00", "db": "BID", "id": "75492" }, { "date": "2015-07-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003434" }, { "date": "2016-12-28T02:59:15.153000", "db": "NVD", "id": "CVE-2015-3727" }, { "date": "2015-07-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-088" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "136327" }, { "db": "CNNVD", "id": "CNNVD-201507-088" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple iOS and Apple OS X Run on Apple Safari Used in etc. WebKit Any in Web Vulnerabilities accessing the site database", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-003434" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201507-088" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.