var-201512-0325
Vulnerability from variot

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. libxml2 is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. libxml2 2.9.2 is vulnerable; other versions may also be affected. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. There is a security vulnerability in the 'xmlSAX2TextNode' function in the SAX2.c file of the push interface in the HTML parser of versions prior to libxml2 2.9.3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)

  • A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)

  • A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)

  • It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)

  • A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)

  • A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. (CVE-2015-0209)

  • It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)

  • It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JWS-271 - User submitted session ID JWS-272 - User submitted session ID JWS-276 - Welcome File processing refactoring - CVE-2015-5345 low JWS-277 - Welcome File processing refactoring - CVE-2015-5345 low JWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate JWS-304 - Restrict another manager servlet - CVE-2016-0706 low JWS-349 - Session serialization safety - CVE-2016-0714 moderate JWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04944172

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04944172 Version: 1

HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

  • IceWall File Manager 3.0
  • IceWall Federation Agent 3.0

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-5312 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2015-7497 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7498 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7499 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-7500 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7941 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-7942 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-8241 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-8242 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 CVE-2015-8317 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HPE recommends applying the latest OS vendor security patches for libXML2 to resolve the vulnerabilities in the libXML2 library.

Please note that the HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 22 January 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37


                                       https://security.gentoo.org/

Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37


Synopsis

Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code.

Background

libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All libxml2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"

References

[ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-37

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. CVE-ID CVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2015:2549-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2549.html Issue date: 2015-12-07 CVE Names: CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 =====================================================================

  1. Summary:

Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)

Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.

All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: libxml2-2.7.6-20.el6_7.1.src.rpm

i386: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-python-2.7.6-20.el6_7.1.i686.rpm

x86_64: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-2.7.6-20.el6_7.1.x86_64.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-static-2.7.6-20.el6_7.1.i686.rpm

x86_64: libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: libxml2-2.7.6-20.el6_7.1.src.rpm

x86_64: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-2.7.6-20.el6_7.1.x86_64.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: libxml2-2.7.6-20.el6_7.1.src.rpm

i386: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-python-2.7.6-20.el6_7.1.i686.rpm

ppc64: libxml2-2.7.6-20.el6_7.1.ppc.rpm libxml2-2.7.6-20.el6_7.1.ppc64.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.ppc.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.ppc64.rpm libxml2-devel-2.7.6-20.el6_7.1.ppc.rpm libxml2-devel-2.7.6-20.el6_7.1.ppc64.rpm libxml2-python-2.7.6-20.el6_7.1.ppc64.rpm

s390x: libxml2-2.7.6-20.el6_7.1.s390.rpm libxml2-2.7.6-20.el6_7.1.s390x.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.s390.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.s390x.rpm libxml2-devel-2.7.6-20.el6_7.1.s390.rpm libxml2-devel-2.7.6-20.el6_7.1.s390x.rpm libxml2-python-2.7.6-20.el6_7.1.s390x.rpm

x86_64: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-2.7.6-20.el6_7.1.x86_64.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-static-2.7.6-20.el6_7.1.i686.rpm

ppc64: libxml2-debuginfo-2.7.6-20.el6_7.1.ppc64.rpm libxml2-static-2.7.6-20.el6_7.1.ppc64.rpm

s390x: libxml2-debuginfo-2.7.6-20.el6_7.1.s390x.rpm libxml2-static-2.7.6-20.el6_7.1.s390x.rpm

x86_64: libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: libxml2-2.7.6-20.el6_7.1.src.rpm

i386: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-python-2.7.6-20.el6_7.1.i686.rpm

x86_64: libxml2-2.7.6-20.el6_7.1.i686.rpm libxml2-2.7.6-20.el6_7.1.x86_64.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-devel-2.7.6-20.el6_7.1.i686.rpm libxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm libxml2-python-2.7.6-20.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: libxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm libxml2-static-2.7.6-20.el6_7.1.i686.rpm

x86_64: libxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm libxml2-static-2.7.6-20.el6_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWZWCJXlSAg2UNWIIRAolaAJ9ZG2087Dxbs4QgaixZuck7QoZHugCeMTPl +NnKYuZa9r7CJt9Llu3kJmw= =rLoh -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device- orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)

WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)

WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation

WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. ============================================================================ Ubuntu Security Notice USN-2834-1 December 14, 2015

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

libxml2 could be made to crash if it opened a specially crafted file. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500)

Hugh Davenport discovered that libxml2 incorrectly handled certain malformed documents. (CVE-2015-8241, CVE-2015-8242)

Hanno Boeck discovered that libxml2 incorrectly handled certain malformed documents. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libxml2 2.9.2+zdfsg1-4ubuntu0.2

Ubuntu 15.04: libxml2 2.9.2+dfsg1-3ubuntu0.2

Ubuntu 14.04 LTS: libxml2 2.9.1+dfsg1-3ubuntu4.6

Ubuntu 12.04 LTS: libxml2 2.7.8.dfsg-5.1ubuntu4.13

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:

apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team

AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path

Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB

Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher

dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB

FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659

Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero

IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash

IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad

IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox

NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero

OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys

OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys

OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195

Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG

Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca

Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab

Tcl Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš

TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171

OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0325",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "icewall federation agent",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "icewall file manager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "libxml2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "xmlsoft",
        "version": "2.9.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "watchos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.3"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "connections docs ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.5002"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "infosphere streams",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1.5"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.41"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.4"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1.4"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "libxml2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "xmlsoft",
        "version": "2.9.3"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.5.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.19"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.410"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.08"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1.3"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "infosphere streams",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.6"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.24"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.7"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.5"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "64"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.219"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "powerkvm sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.113"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "rational systems tester interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.7"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.40"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.22"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "connections docs ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.7006"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.0"
      },
      {
        "model": "smartcloud entry fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.110"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.6"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "rational systems tester interim fix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.7"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "infosphere streams",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.6"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.165.5"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.32"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "bigfix security compliance analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.7"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1.2"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.3"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.4"
      },
      {
        "model": "libxml2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xmlsoft",
        "version": "2.9.2"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.415"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.34"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.415"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "solaris sru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.35.6"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.412"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.5"
      },
      {
        "model": "informix genero",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.30"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "ios for developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.5"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.21"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.09"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "connections docs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.31"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.0.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.218"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "infosphere streams",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "connections docs ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.6003"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.42"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "connections docs ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0002"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational systems tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.3.0.3"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.1"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "powerkvm build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.158"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.5"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.01"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "infosphere streams",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "77681"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.11.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B?ck",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2015-8242",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-86203",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-8242",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8242",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-325",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86203",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-8242",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. libxml2 is prone to multiple information-disclosure vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information that may aid in launching further attacks. \nlibxml2 2.9.2 is vulnerable; other versions may also be affected. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. There is a security vulnerability in the \u0027xmlSAX2TextNode\u0027 function in the SAX2.c file of the push interface in the HTML parser of versions prior to libxml2 2.9.3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for\nRed Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements,\nwhich are documented in the Release Notes documented linked to in the\nReferences. (CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942,\nCVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242,\nCVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-271 - User submitted session ID\nJWS-272 - User submitted session ID\nJWS-276 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-277 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate\nJWS-304 - Restrict another manager servlet - CVE-2016-0706 low\nJWS-349 - Session serialization safety - CVE-2016-0714 moderate\nJWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04944172\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04944172\nVersion: 1\n\nHPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager\nrunning libXML2, Remote or Local Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\n  - IceWall File Manager 3.0\n  - IceWall Federation Agent 3.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-5312    (AV:N/AC:M/Au:N/C:N/I:N/A:C)       7.1\nCVE-2015-7497    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-7498    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-7499    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2015-7500    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-7941    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-7942    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-8241    (AV:N/AC:L/Au:N/C:P/I:N/A:P)       6.4\nCVE-2015-8242    (AV:N/AC:M/Au:N/C:P/I:N/A:P)       5.8\nCVE-2015-8317    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE recommends applying the latest OS vendor security patches for libXML2 to\nresolve the vulnerabilities in the libXML2 library. \n\nPlease note that the HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 22 January 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201701-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: libxml2: Multiple vulnerabilities\n     Date: January 16, 2017\n     Bugs: #564776, #566374, #572878, #573820, #577998, #582538,\n           #582540, #583888, #589816, #597112, #597114, #597116\n       ID: 201701-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould lead to the execution of arbitrary code. \n\nBackground\n==========\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit\ninitially developed for the Gnome project. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.9.4-r1\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-1819\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819\n[  2 ] CVE-2015-5312\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312\n[  3 ] CVE-2015-7497\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497\n[  4 ] CVE-2015-7498\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498\n[  5 ] CVE-2015-7499\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499\n[  6 ] CVE-2015-7500\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500\n[  7 ] CVE-2015-7941\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941\n[  8 ] CVE-2015-7942\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942\n[  9 ] CVE-2015-8035\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035\n[ 10 ] CVE-2015-8242\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242\n[ 11 ] CVE-2015-8806\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806\n[ 12 ] CVE-2016-1836\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836\n[ 13 ] CVE-2016-1838\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838\n[ 14 ] CVE-2016-1839\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839\n[ 15 ] CVE-2016-1840\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840\n[ 16 ] CVE-2016-2073\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073\n[ 17 ] CVE-2016-3627\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627\n[ 18 ] CVE-2016-3705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705\n[ 19 ] CVE-2016-4483\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483\n[ 20 ] CVE-2016-4658\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658\n[ 21 ] CVE-2016-5131\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \nCVE-ID\nCVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: libxml2 security update\nAdvisory ID:       RHSA-2015:2549-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2549.html\nIssue date:        2015-12-07\nCVE Names:         CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 \n                   CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 \n                   CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 \n                   CVE-2015-8317 \n=====================================================================\n\n1. Summary:\n\nUpdated libxml2 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. (CVE-2015-5312, CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942,\nCVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. \n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment\n1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access\n1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()\n1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input\n1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey\n1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl\n1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW\n1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration\n1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar\n1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc\n1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode\n1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nlibxml2-2.7.6-20.el6_7.1.src.rpm\n\ni386:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-python-2.7.6-20.el6_7.1.i686.rpm\n\nx86_64:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-python-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-static-2.7.6-20.el6_7.1.i686.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-static-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nlibxml2-2.7.6-20.el6_7.1.src.rpm\n\nx86_64:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-python-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-static-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nlibxml2-2.7.6-20.el6_7.1.src.rpm\n\ni386:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-python-2.7.6-20.el6_7.1.i686.rpm\n\nppc64:\nlibxml2-2.7.6-20.el6_7.1.ppc.rpm\nlibxml2-2.7.6-20.el6_7.1.ppc64.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.ppc.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.ppc64.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.ppc.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.ppc64.rpm\nlibxml2-python-2.7.6-20.el6_7.1.ppc64.rpm\n\ns390x:\nlibxml2-2.7.6-20.el6_7.1.s390.rpm\nlibxml2-2.7.6-20.el6_7.1.s390x.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.s390.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.s390x.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.s390.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.s390x.rpm\nlibxml2-python-2.7.6-20.el6_7.1.s390x.rpm\n\nx86_64:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-python-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-static-2.7.6-20.el6_7.1.i686.rpm\n\nppc64:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.ppc64.rpm\nlibxml2-static-2.7.6-20.el6_7.1.ppc64.rpm\n\ns390x:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.s390x.rpm\nlibxml2-static-2.7.6-20.el6_7.1.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-static-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nlibxml2-2.7.6-20.el6_7.1.src.rpm\n\ni386:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-python-2.7.6-20.el6_7.1.i686.rpm\n\nx86_64:\nlibxml2-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-devel-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-python-2.7.6-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.i686.rpm\nlibxml2-static-2.7.6-20.el6_7.1.i686.rpm\n\nx86_64:\nlibxml2-debuginfo-2.7.6-20.el6_7.1.x86_64.rpm\nlibxml2-static-2.7.6-20.el6_7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5312\nhttps://access.redhat.com/security/cve/CVE-2015-7497\nhttps://access.redhat.com/security/cve/CVE-2015-7498\nhttps://access.redhat.com/security/cve/CVE-2015-7499\nhttps://access.redhat.com/security/cve/CVE-2015-7500\nhttps://access.redhat.com/security/cve/CVE-2015-7941\nhttps://access.redhat.com/security/cve/CVE-2015-7942\nhttps://access.redhat.com/security/cve/CVE-2015-8241\nhttps://access.redhat.com/security/cve/CVE-2015-8242\nhttps://access.redhat.com/security/cve/CVE-2015-8317\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWZWCJXlSAg2UNWIIRAolaAJ9ZG2087Dxbs4QgaixZuck7QoZHugCeMTPl\n+NnKYuZa9r7CJt9Llu3kJmw=\n=rLoh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A website may be able to track sensitive user information\nDescription:  A hidden web page may be able to access device-\norientation and device-motion data. This issue was addressed by\nsuspending the availability of this data when the web view is hidden. \nCVE-ID\nCVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. \nShahandashti, and Feng Hao of the School of Computing Science,\nNewcastle University, UK\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription:  An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent\u0027s Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may be able to access restricted ports\non arbitrary servers\nDescription:  A port redirection issue was addressed through\nadditional port validation. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nWebKit Page Loading\nAvailable for:  iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact:  A malicious website may exfiltrate data cross-origin\nDescription:  A caching issue existed with character encoding. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. ============================================================================\nUbuntu Security Notice USN-2834-1\nDecember 14, 2015\n\nlibxml2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nlibxml2 could be made to crash if it opened a specially crafted file. (CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499,CVE-2015-7500)\n\nHugh Davenport discovered that libxml2 incorrectly handled certain\nmalformed documents. (CVE-2015-8241,\nCVE-2015-8242)\n\nHanno Boeck discovered that libxml2 incorrectly handled certain\nmalformed documents. This issue only applied\nto Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-8317)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libxml2                         2.9.2+zdfsg1-4ubuntu0.2\n\nUbuntu 15.04:\n  libxml2                         2.9.2+dfsg1-3ubuntu0.2\n\nUbuntu 14.04 LTS:\n  libxml2                         2.9.1+dfsg1-3ubuntu4.6\n\nUbuntu 12.04 LTS:\n  libxml2                         2.7.8.dfsg-5.1ubuntu4.13\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription:  A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to cause a denial of service\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription:  A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription:  An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription:  Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a tel link can make a call without prompting the\nuser\nDescription:  A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to check for the existence of\narbitrary files\nDescription:  A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      },
      {
        "db": "BID",
        "id": "77681"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135395"
      },
      {
        "db": "PACKETSTORM",
        "id": "140533"
      },
      {
        "db": "PACKETSTORM",
        "id": "136343"
      },
      {
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "db": "PACKETSTORM",
        "id": "136342"
      },
      {
        "db": "PACKETSTORM",
        "id": "134787"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8242",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "77681",
        "trust": 2.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/11/17/5",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/11/18/23",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1034243",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.3732",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-86203",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136344",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137101",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135395",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140533",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136343",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134651",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136342",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134787",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136346",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "BID",
        "id": "77681"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135395"
      },
      {
        "db": "PACKETSTORM",
        "id": "140533"
      },
      {
        "db": "PACKETSTORM",
        "id": "136343"
      },
      {
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "db": "PACKETSTORM",
        "id": "136342"
      },
      {
        "db": "PACKETSTORM",
        "id": "134787"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "id": "VAR-201512-0325",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:19:32.648000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "libxml2 Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=59143"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2015-8242: Buffer overead with HTML parser in push mode in xmlSAX2TextNode, causes segfault when compiled with ASAN",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e9d573f68f13e3e7b1fd6aef1a83d902"
      },
      {
        "title": "Red Hat: Moderate: libxml2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152549 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: libxml2 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152550 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-8242",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8242"
      },
      {
        "title": "Ubuntu Security Notice: libxml2 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2834-1"
      },
      {
        "title": "Apple: tvOS 9.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ce338ecd7a3c82e55bcf20e44e532eea"
      },
      {
        "title": "Apple: watchOS 2.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0cbe3084baf2e465ecd2cc68ad686a9a"
      },
      {
        "title": "Apple: iOS 9.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-628",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-628"
      },
      {
        "title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2019-1220",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1220"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 2.1,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
      },
      {
        "trust": 2.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
      },
      {
        "trust": 2.1,
        "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/77681"
      },
      {
        "trust": 1.9,
        "url": "https://security.gentoo.org/glsa/201701-37"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2549.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1089.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2834-1"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://xmlsoft.org/news.html"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944172"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206166"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206168"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206169"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2550.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1034243"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7498"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7497"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.4,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7941"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8241"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8317"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-8242"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.gnome.org/show_bug.cgi?id=752191"
      },
      {
        "trust": 0.3,
        "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
      },
      {
        "trust": 0.3,
        "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
      },
      {
        "trust": 0.3,
        "url": "https://blog.fuzzing-project.org/28-libxml2-several-out-of-bounds-reads.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944172"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023350"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023983"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972720"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?rs=630\u0026uid=swg21973201"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975225"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975975"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979515"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979767"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982607"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983370"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7941"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8241"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7942"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-5312"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7500"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7499"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7497"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-8317"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7498"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382616617563\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2834-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.0.3_release_notes/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0714"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0706"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.0.3"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0763"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8806"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2073"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5131"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1725"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1720"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1726"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1724"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1721"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1723"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1722"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1756"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1760"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1763"
      },
      {
        "trust": 0.1,
        "url": "http://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+dfsg1-3ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.1+dfsg1-3ubuntu4.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.13"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206171"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "BID",
        "id": "77681"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135395"
      },
      {
        "db": "PACKETSTORM",
        "id": "140533"
      },
      {
        "db": "PACKETSTORM",
        "id": "136343"
      },
      {
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "db": "PACKETSTORM",
        "id": "136342"
      },
      {
        "db": "PACKETSTORM",
        "id": "134787"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "db": "BID",
        "id": "77681"
      },
      {
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "db": "PACKETSTORM",
        "id": "137101"
      },
      {
        "db": "PACKETSTORM",
        "id": "135395"
      },
      {
        "db": "PACKETSTORM",
        "id": "140533"
      },
      {
        "db": "PACKETSTORM",
        "id": "136343"
      },
      {
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "db": "PACKETSTORM",
        "id": "136342"
      },
      {
        "db": "PACKETSTORM",
        "id": "134787"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "date": "2015-12-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "date": "2015-11-22T00:00:00",
        "db": "BID",
        "id": "77681"
      },
      {
        "date": "2016-03-22T15:12:44",
        "db": "PACKETSTORM",
        "id": "136344"
      },
      {
        "date": "2016-05-17T23:47:44",
        "db": "PACKETSTORM",
        "id": "137101"
      },
      {
        "date": "2016-01-26T17:27:00",
        "db": "PACKETSTORM",
        "id": "135395"
      },
      {
        "date": "2017-01-17T02:26:10",
        "db": "PACKETSTORM",
        "id": "140533"
      },
      {
        "date": "2016-03-22T15:09:54",
        "db": "PACKETSTORM",
        "id": "136343"
      },
      {
        "date": "2015-12-07T16:36:51",
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "date": "2016-03-22T15:05:15",
        "db": "PACKETSTORM",
        "id": "136342"
      },
      {
        "date": "2015-12-14T16:40:43",
        "db": "PACKETSTORM",
        "id": "134787"
      },
      {
        "date": "2016-03-22T15:18:02",
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "date": "2015-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "date": "2015-12-15T21:59:07.387000",
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86203"
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-8242"
      },
      {
        "date": "2016-07-22T20:00:00",
        "db": "BID",
        "id": "77681"
      },
      {
        "date": "2023-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      },
      {
        "date": "2019-03-08T16:06:36.980000",
        "db": "NVD",
        "id": "CVE-2015-8242"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134651"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "libxml2 Information disclosure vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-325"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.