var-201603-0243
Vulnerability from variot
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762
Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1783 : Mihai Parparita of Google
WebKit History Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE v9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl xA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE 2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M B+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h QW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE 4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ BL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma Vua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG ErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr lNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL EKY5qeXLPmBhjG354Sz2 =qtHe -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0003
Date reported : March 31, 2016 Advisory ID : WSA-2016-0003 Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1785, CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778 Versions affected: WebKitGTK+ before 2.10.5. Credit to 0x1byte working with Trend Micro's Zero Day Initiative (ZDI).
CVE-2016-1779 Versions affected: WebKitGTK+ before 2.10.5. Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781 Versions affected: WebKitGTK+ before 2.10.5. Credit to Devdatta Akhawe of Dropbox, Inc.
CVE-2016-1782 Versions affected: WebKitGTK+ before 2.10.5. Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.
CVE-2016-1783 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mihai Parparita of Google.
CVE-2016-1785 Versions affected: WebKitGTK+ before 2.10.5. Credit to an anonymous researcher.
CVE-2016-1786 Versions affected: WebKitGTK+ before 2.10.5. Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html
The WebKitGTK+ team, March 31, 2016
. CVE-ID CVE-2016-1762
Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. CVE-ID CVE-2016-1771 : Russ Cox
Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. CVE-ID CVE-2016-1772 : WoofWagly
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs.
WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1785 : an anonymous researcher
WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0243", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "tvos", scope: "lt", trust: 1, vendor: "apple", version: "9.2", }, { model: "iphone os", scope: "lt", trust: 1, vendor: "apple", version: "9.3", }, { model: "safari", scope: "lt", trust: 1, vendor: "apple", version: "9.1", }, { model: "webkitgtk\\+", scope: "lt", trust: 1, vendor: "webkitgtk", version: "2.10.5", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (ipad 2 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (iphone 4s or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3 (ipod touch first 5 after generation )", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "9.1 (os x el capitan v10.11.4)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "9.1 (os x mavericks v10.9.5)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "9.1 (os x yosemite v10.10.5)", }, { model: "tvos", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2 (apple tv first 4 generation )", }, { model: "tv", scope: "eq", trust: 0.6, vendor: "apple", version: "9.1", }, { model: "iphone os", scope: "eq", trust: 0.6, vendor: "apple", version: "9.2.1", }, { model: "safari", scope: "eq", trust: 0.6, vendor: "apple", version: "9.0.3", }, { model: "open source project webkit", scope: "eq", trust: 0.3, vendor: "webkit", version: "0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3", }, { model: "ipod touch", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "iphone", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ipad", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, ], sources: [ { db: "BID", id: "85062", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "NVD", id: "CVE-2016-1783", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.10.5", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-1783", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mihai Parparita of Google and Moony Li and Jack Tang of TrendMicro", sources: [ { db: "BID", id: "85062", }, ], trust: 0.3, }, cve: "CVE-2016-1783", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 9.3, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2016-1783", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "VHN-90602", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-1783", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201603-321", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-90602", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-90602", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "NVD", id: "CVE-2016-1783", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability. \nAn attacker may exploit these issues by enticing victims into viewing a malicious webpage. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-3 tvOS 9.2\n\ntvOS 9.2 is now available and addresses the following:\n\nFontParser\nAvailable for: Apple TV (4th generation)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro's Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1762\n\nSecurity\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTrueTypeScaler\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit History\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of\n无声信息技术PKAV Team (PKAV.net)\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -> System -> Software Update -> Update Software.\". \n\nTo check the current version of software, select\n\"Settings -> General -> About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT1222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE\nv9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl\nxA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE\n2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M\nB+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h\nQW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE\n4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ\nBL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma\nVua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG\nErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr\nlNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL\nEKY5qeXLPmBhjG354Sz2\n=qtHe\n-----END PGP SIGNATURE-----\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2016-0003\n------------------------------------------------------------------------\n\nDate reported : March 31, 2016\nAdvisory ID : WSA-2016-0003\nAdvisory URL : http://webkitgtk.org/security/WSA-2016-0003.html\nCVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,\n CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,\n CVE-2016-1786. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2016-1778\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to 0x1byte working with Trend Micro's Zero Day Initiative\n (ZDI). \n\nCVE-2016-1779\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com). \n\nCVE-2016-1781\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Devdatta Akhawe of Dropbox, Inc. \n\nCVE-2016-1782\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies\n Co.,Ltd. \n\nCVE-2016-1783\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to Mihai Parparita of Google. \n\nCVE-2016-1785\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to an anonymous researcher. \n\nCVE-2016-1786\n Versions affected: WebKitGTK+ before 2.10.5. \n Credit to ma.la of LINE Corporation. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nMarch 31, 2016\n\n. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue existed where the text of a dialog included\npage-supplied text. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: A cookie storage issue existed in the Top Sites page. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: A website may be able to track sensitive user information\nDescription: An issue existed in the handling of attachment URLs. \n\nWebKit\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a maliciously crafted website may reveal a user's\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store", sources: [ { db: "NVD", id: "CVE-2016-1783", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "BID", id: "85062", }, { db: "VULHUB", id: "VHN-90602", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "136535", }, { db: "PACKETSTORM", id: "136347", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-1783", trust: 3.1, }, { db: "SECTRACK", id: "1035353", trust: 1.7, }, { db: "JVN", id: "JVNVU97668313", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-001860", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201603-321", trust: 0.7, }, { db: "BID", id: "85062", trust: 0.3, }, { db: "VULHUB", id: "VHN-90602", trust: 0.1, }, { db: "PACKETSTORM", id: "136344", trust: 0.1, }, { db: "PACKETSTORM", id: "136535", trust: 0.1, }, { db: "PACKETSTORM", id: "136347", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-90602", }, { db: "BID", id: "85062", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "136535", }, { db: "PACKETSTORM", id: "136347", }, { db: "NVD", id: "CVE-2016-1783", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, id: "VAR-201603-0243", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-90602", }, ], trust: 0.01, }, last_update_date: "2023-12-18T10:53:46.391000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apple security updates", trust: 0.8, url: "https://support.apple.com/en-us/ht201222", }, { title: "APPLE-SA-2016-03-21-1 iOS 9.3", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html", }, { title: "APPLE-SA-2016-03-21-3 tvOS 9.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html", }, { title: "APPLE-SA-2016-03-21-6 Safari 9.1", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html", }, { title: "HT206169", trust: 0.8, url: "https://support.apple.com/en-us/ht206169", }, { title: "HT206171", trust: 0.8, url: "https://support.apple.com/en-us/ht206171", }, { title: "HT206166", trust: 0.8, url: "https://support.apple.com/en-us/ht206166", }, { title: "HT206166", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206166", }, { title: "HT206169", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206169", }, { title: "HT206171", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206171", }, { title: "Multiple Apple product WebKit Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60647", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-90602", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "NVD", id: "CVE-2016-1783", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/mar/msg00005.html", }, { trust: 1.7, url: "http://www.securityfocus.com/archive/1/537948/100/0/threaded", }, { trust: 1.7, url: "https://support.apple.com/ht206166", }, { trust: 1.7, url: "https://support.apple.com/ht206169", }, { trust: 1.7, url: "https://support.apple.com/ht206171", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1035353", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1783", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu97668313/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1783", }, { trust: 0.3, url: "http://www.apple.com/ios/", }, { trust: 0.3, url: "http://www.apple.com/safari/download/", }, { trust: 0.3, url: "http://www.webkit.org/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1783", }, { trust: 0.2, url: "https://gpgtools.org", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1784", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1762", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1781", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1782", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1779", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1786", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1785", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1778", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1751", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1755", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8659", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8035", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1753", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1750", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1819", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0801", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8242", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5312", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7942", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7500", }, { trust: 0.1, url: "https://support.apple.com/kb/ht1222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1740", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1752", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1950", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1775", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1754", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0802", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1748", }, { trust: 0.1, url: "http://webkitgtk.org/security.html", }, { trust: 0.1, url: "http://webkitgtk.org/security/wsa-2016-0003.html", }, { trust: 0.1, url: "http://www.tencent.com).", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1771", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1772", }, { trust: 0.1, url: "http://www.tencent.com)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2009-2197", }, ], sources: [ { db: "VULHUB", id: "VHN-90602", }, { db: "BID", id: "85062", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "136535", }, { db: "PACKETSTORM", id: "136347", }, { db: "NVD", id: "CVE-2016-1783", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-90602", }, { db: "BID", id: "85062", }, { db: "JVNDB", id: "JVNDB-2016-001860", }, { db: "PACKETSTORM", id: "136344", }, { db: "PACKETSTORM", id: "136535", }, { db: "PACKETSTORM", id: "136347", }, { db: "NVD", id: "CVE-2016-1783", }, { db: "CNNVD", id: "CNNVD-201603-321", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-03-24T00:00:00", db: "VULHUB", id: "VHN-90602", }, { date: "2016-03-22T00:00:00", db: "BID", id: "85062", }, { date: "2016-03-28T00:00:00", db: "JVNDB", id: "JVNDB-2016-001860", }, { date: "2016-03-22T15:12:44", db: "PACKETSTORM", id: "136344", }, { date: "2016-04-01T13:33:33", db: "PACKETSTORM", id: "136535", }, { date: "2016-03-22T15:20:32", db: "PACKETSTORM", id: "136347", }, { date: "2016-03-24T01:59:50.330000", db: "NVD", id: "CVE-2016-1783", }, { date: "2016-03-23T00:00:00", db: "CNNVD", id: "CNNVD-201603-321", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-03-25T00:00:00", db: "VULHUB", id: "VHN-90602", }, { date: "2016-07-05T22:02:00", db: "BID", id: "85062", }, { date: "2016-06-27T00:00:00", db: "JVNDB", id: "JVNDB-2016-001860", }, { date: "2019-03-25T17:38:35.227000", db: "NVD", id: "CVE-2016-1783", }, { date: "2019-03-13T00:00:00", db: "CNNVD", id: "CNNVD-201603-321", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201603-321", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apple iOS Used in etc. WebKit Vulnerable to arbitrary code execution", sources: [ { db: "JVNDB", id: "JVNDB-2016-001860", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-201603-321", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.